Add metric counting DNS-over-HTTPS responses (#5130)

Signed-off-by: Rudolf Schonecker <rudolf.schonecker@jamf.com>

core/dnsserver/server_https.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/coredns/caddy"
+	"github.com/coredns/coredns/plugin/metrics/vars"
 	"github.com/coredns/coredns/plugin/pkg/dnsutil"
 	"github.com/coredns/coredns/plugin/pkg/doh"
 	"github.com/coredns/coredns/plugin/pkg/response"
@@ -128,12 +129,14 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	if !s.validRequest(r) {
 		http.Error(w, "", http.StatusNotFound)
+		s.countResponse(http.StatusNotFound)
 		return
 	}
 
 	msg, err := doh.RequestToMsg(r)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
+		s.countResponse(http.StatusBadRequest)
 		return
 	}
 
@@ -157,6 +160,7 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// handler has not provided any response message.
 	if dw.Msg == nil {
 		http.Error(w, "No response", http.StatusInternalServerError)
+		s.countResponse(http.StatusInternalServerError)
 		return
 	}
 
@@ -169,10 +173,15 @@ func (s *ServerHTTPS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%f", age.Seconds()))
 	w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
 	w.WriteHeader(http.StatusOK)
+	s.countResponse(http.StatusOK)
 
 	w.Write(buf)
 }
 
+func (s *ServerHTTPS) countResponse(status int) {
+	vars.HTTPSResponsesCount.WithLabelValues(s.Addr, strconv.Itoa(status)).Inc()
+}
+
 // Shutdown stops the server (non gracefully).
 func (s *ServerHTTPS) Shutdown() error {
 	if s.httpsServer != nil {

plugin/metrics/README.md

@@ -20,9 +20,10 @@ the following metrics are exported:
 * `coredns_dns_do_requests_total{server, zone}` -  queries that have the DO bit set
 * `coredns_dns_response_size_bytes{server, zone, proto}` - response size in bytes.
 * `coredns_dns_responses_total{server, zone, rcode, plugin}` - response per zone, rcode and plugin.
+* `coredns_dns_https_responses_total{server, status}` - responses per server and http status code.
 * `coredns_plugin_enabled{server, zone, name}` - indicates whether a plugin is enabled on per server and zone basis.
 
-Each counter has a label `zone` which is the zonename used for the request/response.
+Almost each counter has a label `zone` which is the zonename used for the request/response.
 
 Extra labels used are:
 
@@ -34,6 +35,11 @@ Extra labels used are:
 * `type` which holds the query type. It holds most common types (A, AAAA, MX, SOA, CNAME, PTR, TXT,
   NS, SRV, DS, DNSKEY, RRSIG, NSEC, NSEC3, HTTPS, IXFR, AXFR and ANY) and "other" which lumps together all
   other types.
+* `status` which holds the https status code. Possible values are:
+  * 200 - request is processed,
+  * 404 - request has been rejected on validation,
+  * 400 - request to dns message conversion failed,
+  * 500 - processing ended up with no response. 
 * the `plugin` label holds the name of the plugin that made the write to the client. If the server
   did the write (on error for instance), the value is empty.
 

plugin/metrics/vars/vars.go

@@ -65,6 +65,13 @@ var (
 		Name:      "plugin_enabled",
 		Help:      "A metric that indicates whether a plugin is enabled on per server and zone basis.",
 	}, []string{"server", "zone", "name"})
+
+	HTTPSResponsesCount = promauto.NewCounterVec(prometheus.CounterOpts{
+		Namespace: plugin.Namespace,
+		Subsystem: subsystem,
+		Name:      "https_responses_total",
+		Help:      "Counter of DoH responses per server and http status code.",
+	}, []string{"server", "status"})
 )
 
 const (