Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-27 08:14:18 -04:00
Code Issues Packages Projects Releases Wiki Activity

middleware/file: Support delegations (#124)

Browse Source 
Return a delegation when seeing one while traversing the tree in
search of an answer.

Put the SOA and NS record in the zone.Apex as these are to be handled
somewhat special.

Lowercase record on insert to make compares easier. This lowercases
all RR that have domain names in their rdata as well.
This commit is contained in:
Miek Gieben
2016-04-16 16:16:52 +01:00
parent f783634174
commit e294c95582
14 changed files with 288 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@@ -10,27 +10,27 @@ and a few others). CoreDNS should be stable enough to provide you with a good DN
Currently CoreDNS is able to:
* Serve zone data from a file, both DNSSEC (NSEC only atm) and DNS is supported. Delegation are
*not* supported as yet.
* Serve zone data from a file, both DNSSEC (NSEC only) and DNS is supported.
* Retrieve zone data from primaries, i.e. act as a secondary server.
* Loadbalancing of responses.
* Allow for zone transfers, i.e. act as a primary server.
* Use Etcd as a backend, i.e. a 92% replacement for
* Use etcd as a backend, i.e. a 94.5% replacement for
[SkyDNS](https://github.com/skynetservices/skydns).
* Serve as a proxy to forward queries to some other (recursive) nameserver.
* Rewrite queries (both qtype, qclass and qname).
* Provide metrics (by using Prometheus).
* Provide Logging.
* Provide load-balancing of returned responses.
* Provide load-balancing (A/AAAA shuffling) of returned responses.
* Has support for the CH class: `version.bind` and friends.
There are corner cases not implemented and a few [issues](https://github.com/miekg/coredns/issues).
There are still few [issues](https://github.com/miekg/coredns/issues), and work is ongoing on making
things fast and reduce the memory usage.
But all in all, CoreDNS should already be able to provide you with enough functionality to replace
parts of BIND9, Knot, NSD or PowerDNS.
However CoreDNS is still in the early stages of development. For now most documentation is in the
source and some blog articles can be [found here](https://miek.nl/tags/coredns/). If you do want to
use CoreDNS in production, please let us know and how we can help.
All in all, CoreDNS should be able to provide you with enough functionality to replace parts of
BIND9, Knot, NSD or PowerDNS.
Most documentation is in the source and some blog articles can be [found
here](https://miek.nl/tags/coredns/). If you do want to use CoreDNS in production, please let us
know and how we can help.
<https://caddyserver.com/> is also full of examples on how to structure a Corefile (renamed from
Caddyfile when I forked it).
@@ -86,10 +86,9 @@ All the above examples are possible with the *current* CoreDNS.
* Website?
* Logo?
* Code simplifications/refactors.
* Optimizations.
* Load testing.
* All the [issues](https://github.com/miekg/coredns/issues).
* The [issues](https://github.com/miekg/coredns/issues).
## Blog

15
middleware/canonical.go
View File

@@ -12,6 +12,8 @@ import (
//
// See http://bert-hubert.blogspot.co.uk/2015/10/how-to-do-fast-canonical-ordering-of.html
// for a blog article on this implementation.
//
// The values of a and b are *not* lowercased before the comparison!
func Less(a, b string) int {
i := 1
aj := len(a)
@@ -22,11 +24,12 @@ func Less(a, b string) int {
if oka && okb {
return 0
}
// sadly this []byte will allocate...
// sadly this []byte will allocate... TODO(miek): check if this is needed
// for a name, otherwise compare the strings.
ab := []byte(a[ai:aj])
toLowerAndDDD(ab)
bb := []byte(b[bi:bj])
toLowerAndDDD(bb)
doDDD(ab)
doDDD(bb)
res := bytes.Compare(ab, bb)
if res != 0 {
@@ -39,13 +42,9 @@ func Less(a, b string) int {
return 0
}
func toLowerAndDDD(b []byte) {
func doDDD(b []byte) {
lb := len(b)
for i := 0; i < lb; i++ {
if b[i] >= 'A' && b[i] <= 'Z' {
b[i] += 32
continue
}
if i+3 < lb && b[i] == '\\' && isDigit(b[i+1]) && isDigit(b[i+2]) && isDigit(b[i+3]) {
b[i] = dddToByte(b[i:])
for j := i + 1; j < lb-3; j++ {

9
middleware/canonical_test.go
View File

@@ -2,6 +2,7 @@ package middleware
import (
"sort"
"strings"
"testing"
)
@@ -53,6 +54,14 @@ func TestLess(t *testing.T) {
Tests:
for j, test := range tests {
// Need to lowercase these example as the Less function does lowercase for us anymore.
for i, b := range test.in {
test.in[i] = strings.ToLower(b)
}
for i, b := range test.out {
test.out[i] = strings.ToLower(b)
}
sort.Sort(set(test.in))
for i := 0; i < len(test.in); i++ {
if test.in[i] != test.out[i] {

30
middleware/etcd/README.md
View File

@@ -2,10 +2,10 @@
`etcd` enabled reading zone data from an etcd instance. The data in etcd has to be encoded as
a [message](https://github.com/skynetservices/skydns/blob/2fcff74cdc9f9a7dd64189a447ef27ac354b725f/msg/service.go#L26)
like [SkyDNS](https//github.com/skynetservices/skydns).
like [SkyDNS](https//github.com/skynetservices/skydns). It should also work just like SkyDNS.
The etcd middleware makes extensive use of the proxy middleware to forward and query
other servers in the network.
The etcd middleware makes extensive use of the proxy middleware to forward and query other servers
in the network.
## Syntax
@@ -15,7 +15,7 @@ etcd [zones...]
* `zones` zones etcd should be authoritative for.
The will default to `/skydns` as the path and the local etcd proxy (http://127.0.0.1:2379).
The path will default to `/skydns` the local etcd proxy (http://127.0.0.1:2379).
If no zones are specified the block's zone will be used as the zone.
If you want to `round robin` A and AAAA responses look at the `loadbalance` middleware.
@@ -30,10 +30,28 @@ etcd [zones...] {
}
~~~
* `stubzones` enable the stub zones feature.
* `stubzones` enable the stub zones feature. The stubzone is *only* done in the etcd tree located
under the *first* zone specified.
* `path` the path inside etcd, defaults to "/skydns".
* `endpoint` the etcd endpoints, default to "http://localhost:2397".
* `upstream` upstream resolvers to be used resolve external names found in etcd.
* `upstream` upstream resolvers to be used resolve external names found in etcd, think CNAMEs
pointing to external names. If you want CoreDNS to act as a proxy for clients you'll need to add
the proxy middleware.
* `tls` followed the cert, key and the CA's cert filenames.
## Examples
This is the default SkyDNS setup, with everying specified in full:
~~~
.:53 {
etcd {
stubzones
path /skydns
endpoint http://localhost:2397
upstream 8.8.8.8:53 8.8.4.4:53
}
loadbalance
proxy . 8.8.8.8:53 8.8.4.4:53
}
~~~

2
middleware/file/closest.go
View File

@@ -17,7 +17,7 @@ func (z *Zone) ClosestEncloser(qname string, qtype uint16) string {
offset, end = dns.NextLabel(qname, offset)
}
return z.SOA.Header().Name
return z.Apex.SOA.Header().Name
}
// nameErrorProof finds the closest encloser and return an NSEC that proofs

106
middleware/file/delegation_test.go Normal file
View File

@@ -0,0 +1,106 @@
package file
import (
"sort"
"strings"
"testing"
"github.com/miekg/coredns/middleware"
"github.com/miekg/coredns/middleware/test"
"github.com/miekg/dns"
"golang.org/x/net/context"
)
var delegationTestCases = []test.Case{
{
Qname: "a.delegated.miek.nl.", Qtype: dns.TypeTXT,
Ns: []dns.RR{
test.NS("delegated.miek.nl. 1800 IN NS a.delegated.miek.nl."),
test.NS("delegated.miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
},
Extra: []dns.RR{
test.A("a.delegated.miek.nl. 1800 IN A 139.162.196.78"),
test.AAAA("a.delegated.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
},
},
{
Qname: "delegated.miek.nl.", Qtype: dns.TypeNS,
Answer: []dns.RR{
test.NS("delegated.miek.nl. 1800 IN NS a.delegated.miek.nl."),
test.NS("delegated.miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
},
},
}
func TestLookupDelegation(t *testing.T) {
zone, err := Parse(strings.NewReader(dbMiekNL_delegation), testzone, "stdin")
if err != nil {
t.Fatalf("expect no error when reading zone, got %q", err)
}
fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
ctx := context.TODO()
for _, tc := range delegationTestCases {
m := tc.Msg()
rec := middleware.NewResponseRecorder(&test.ResponseWriter{})
_, err := fm.ServeDNS(ctx, rec, m)
if err != nil {
t.Errorf("expected no error, got %v\n", err)
return
}
resp := rec.Msg()
sort.Sort(test.RRSet(resp.Answer))
sort.Sort(test.RRSet(resp.Ns))
sort.Sort(test.RRSet(resp.Extra))
if !test.Header(t, tc, resp) {
t.Logf("%v\n", resp)
continue
}
if !test.Section(t, tc, test.Answer, resp.Answer) {
t.Logf("%v\n", resp)
}
if !test.Section(t, tc, test.Ns, resp.Ns) {
t.Logf("%v\n", resp)
}
if !test.Section(t, tc, test.Extra, resp.Extra) {
t.Logf("%v\n", resp)
}
}
}
const dbMiekNL_delegation = `
$TTL 30M
$ORIGIN miek.nl.
@ IN SOA linode.atoom.net. miek.miek.nl. (
1282630057 ; Serial
4H ; Refresh
1H ; Retry
7D ; Expire
4H ) ; Negative Cache TTL
IN NS linode.atoom.net.
IN NS ns-ext.nlnetlabs.nl.
IN NS omval.tednet.nl.
IN NS ext.ns.whyscream.net.
IN MX 1 aspmx.l.google.com.
IN MX 5 alt1.aspmx.l.google.com.
IN MX 5 alt2.aspmx.l.google.com.
IN MX 10 aspmx2.googlemail.com.
IN MX 10 aspmx3.googlemail.com.
delegated IN NS a.delegated
IN NS ns-ext.nlnetlabs.nl.
a.delegated IN TXT "obscured"
IN A 139.162.196.78
IN AAAA 2a01:7e00::f03c:91ff:fef1:6735
a IN A 139.162.196.78
IN AAAA 2a01:7e00::f03c:91ff:fef1:6735
www IN CNAME a
archive IN CNAME a`

13
middleware/file/file.go
View File

@@ -80,18 +80,15 @@ func (f File) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (i
m := new(dns.Msg)
m.SetReply(r)
m.Authoritative, m.RecursionAvailable, m.Compress = true, true, true
m.Answer, m.Ns, m.Extra = answer, ns, extra
switch result {
case Success:
m.Answer = answer
m.Ns = ns
m.Extra = extra
case NameError:
m.Ns = ns
m.Rcode = dns.RcodeNameError
fallthrough
case NoData:
m.Ns = ns
case NameError:
m.Rcode = dns.RcodeNameError
case Delegation:
m.Authoritative = false
case ServerFailure:
return dns.RcodeServerFailure, nil
}

35
middleware/file/lookup.go
View File

@@ -12,6 +12,7 @@ type Result int
const (
Success Result = iota
NameError
Delegation
NoData
ServerFailure
)
@@ -22,6 +23,9 @@ func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR,
if qtype == dns.TypeSOA {
return z.lookupSOA(do)
}
if qtype == dns.TypeNS && qname == z.origin {
return z.lookupNS(do)
}
elem, res := z.Tree.Search(qname, qtype)
if elem == nil {
@@ -30,6 +34,21 @@ func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR,
}
return z.nameError(qname, qtype, do)
}
if res == tree.Delegation {
rrs := elem.Types(dns.TypeNS)
glue := []dns.RR{}
for _, ns := range rrs {
if dns.IsSubDomain(ns.Header().Name, ns.(*dns.NS).Ns) {
// even with Do, this should be unsigned.
elem, res := z.Tree.SearchGlue(ns.(*dns.NS).Ns)
if res == tree.Found {
glue = append(glue, elem.Types(dns.TypeAAAA)...)
glue = append(glue, elem.Types(dns.TypeA)...)
}
}
}
return nil, rrs, glue, Delegation
}
rrs := elem.Types(dns.TypeCNAME)
if len(rrs) > 0 { // should only ever be 1 actually; TODO(miek) check for this?
@@ -87,9 +106,9 @@ func (z *Zone) nameError(qname string, qtype uint16, do bool) ([]dns.RR, []dns.R
}
// name error
ret := []dns.RR{z.SOA}
ret := []dns.RR{z.Apex.SOA}
if do {
ret = append(ret, z.SIG...)
ret = append(ret, z.Apex.SIGSOA...)
ret = append(ret, z.nameErrorProof(qname, qtype)...)
}
return nil, ret, nil, NameError
@@ -97,10 +116,18 @@ func (z *Zone) nameError(qname string, qtype uint16, do bool) ([]dns.RR, []dns.R
func (z *Zone) lookupSOA(do bool) ([]dns.RR, []dns.RR, []dns.RR, Result) {
if do {
ret := append([]dns.RR{z.SOA}, z.SIG...)
ret := append([]dns.RR{z.Apex.SOA}, z.Apex.SIGSOA...)
return ret, nil, nil, Success
}
return []dns.RR{z.SOA}, nil, nil, Success
return []dns.RR{z.Apex.SOA}, nil, nil, Success
}
func (z *Zone) lookupNS(do bool) ([]dns.RR, []dns.RR, []dns.RR, Result) {
if do {
ret := append(z.Apex.NS, z.Apex.SIGNS...)
return ret, nil, nil, Success
}
return z.Apex.NS, nil, nil, Success
}
// lookupNSEC looks up nsec and sigs.

6
middleware/file/lookup_test.go
View File

@@ -35,6 +35,12 @@ var dnsTestCases = []test.Case{
test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
},
},
{
Qname: "mIeK.NL.", Qtype: dns.TypeAAAA,
Answer: []dns.RR{
test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
},
},
{
Qname: "miek.nl.", Qtype: dns.TypeMX,
Answer: []dns.RR{

13
middleware/file/secondary.go
View File

@@ -55,8 +55,7 @@ Transfer:
}
z.Tree = z1.Tree
z.SOA = z1.SOA
z.SIG = z1.SIG
z.Apex = z1.Apex
*z.Expired = false
log.Printf("[INFO] Transferred: %s from %s", z.origin, tr)
return nil
@@ -91,7 +90,7 @@ Transfer:
if serial == -1 {
return false, Err
}
return less(z.SOA.Serial, uint32(serial)), Err
return less(z.Apex.SOA.Serial, uint32(serial)), Err
}
// less return true of a is smaller than b when taking RFC 1982 serial arithmetic into account.
@@ -108,15 +107,15 @@ func less(a, b uint32) bool {
// will be marked expired.
func (z *Zone) Update() error {
// If we don't have a SOA, we don't have a zone, wait for it to appear.
for z.SOA == nil {
for z.Apex.SOA == nil {
time.Sleep(1 * time.Second)
}
retryActive := false
Restart:
refresh := time.Second * time.Duration(z.SOA.Refresh)
retry := time.Second * time.Duration(z.SOA.Retry)
expire := time.Second * time.Duration(z.SOA.Expire)
refresh := time.Second * time.Duration(z.Apex.SOA.Refresh)
retry := time.Second * time.Duration(z.Apex.SOA.Retry)
expire := time.Second * time.Duration(z.Apex.SOA.Expire)
if refresh < time.Hour {
refresh = time.Hour

6
middleware/file/secondary_test.go
View File

@@ -85,7 +85,7 @@ func TestShouldTransfer(t *testing.T) {
z.TransferFrom = []string{addrstr}
// Serial smaller
z.SOA = test.SOA(fmt.Sprintf("%s IN SOA bla. bla. %d 0 0 0 0 ", testZone, soa.serial-1))
z.Apex.SOA = test.SOA(fmt.Sprintf("%s IN SOA bla. bla. %d 0 0 0 0 ", testZone, soa.serial-1))
should, err := z.shouldTransfer()
if err != nil {
t.Fatalf("unable to run shouldTransfer: %v", err)
@@ -94,7 +94,7 @@ func TestShouldTransfer(t *testing.T) {
t.Fatalf("shouldTransfer should return true for serial: %q", soa.serial-1)
}
// Serial equal
z.SOA = test.SOA(fmt.Sprintf("%s IN SOA bla. bla. %d 0 0 0 0 ", testZone, soa.serial))
z.Apex.SOA = test.SOA(fmt.Sprintf("%s IN SOA bla. bla. %d 0 0 0 0 ", testZone, soa.serial))
should, err = z.shouldTransfer()
if err != nil {
t.Fatalf("unable to run shouldTransfer: %v", err)
@@ -125,7 +125,7 @@ func TestTransferIn(t *testing.T) {
if err != nil {
t.Fatalf("unable to run TransferIn: %v", err)
}
if z.SOA.String() != fmt.Sprintf("%s 3600 IN SOA bla. bla. 250 0 0 0 0", testZone) {
if z.Apex.SOA.String() != fmt.Sprintf("%s 3600 IN SOA bla. bla. 250 0 0 0 0", testZone) {
t.Fatalf("unknown SOA transferred")
}
}

2
middleware/file/tree/elem.go
View File

@@ -91,7 +91,7 @@ func (e *Elem) Delete(rr dns.RR) (empty bool) {
return
}
// Less is a tree helper function that calles middleware.Less.
// Less is a tree helper function that calls middleware.Less.
func Less(a *Elem, name string) int { return middleware.Less(name, a.Name()) }
// Assuming the same type and name this will check if the rdata is equal as well.

28
middleware/file/tree/tree.go
View File

@@ -30,6 +30,7 @@ const (
Found Result = iota
NameError
EmptyNonTerminal
Delegation
)
// Operation mode of the LLRB tree.
@@ -154,16 +155,35 @@ func (t *Tree) Search(qname string, qtype uint16) (*Elem, Result) {
if t.Root == nil {
return nil, NameError
}
n, res := t.Root.search(qname, qtype)
n, res := t.Root.search(qname, qtype, false)
if n == nil {
return nil, res
}
return n.Elem, res
}
func (n *Node) search(qname string, qtype uint16) (*Node, Result) {
// SearchGlue returns the first match of qname/(A/AAAA) in the Tree.
func (t *Tree) SearchGlue(qname string) (*Elem, Result) {
// TODO(miek): shouldn't need this, because when we *find* the delegation, we
// know for sure that any glue is under it. Should change the return values
// to return the node, so we can resume from those.
if t.Root == nil {
return nil, NameError
}
n, res := t.Root.search(qname, dns.TypeA, true)
if n == nil {
return nil, res
}
return n.Elem, res
}
// search searches the tree for qname and type. If glue is true the search *does* not
// spot when hitting NS records, but descends in search of glue. The qtype for this
// kind of search can only be AAAA or A.
func (n *Node) search(qname string, qtype uint16, glue bool) (*Node, Result) {
old := n
for n != nil {
switch c := Less(n.Elem, qname); {
case c == 0:
return n, Found
@@ -171,6 +191,10 @@ func (n *Node) search(qname string, qtype uint16) (*Node, Result) {
old = n
n = n.Left
default:
if !glue && n.Elem.Types(dns.TypeNS) != nil {
return n, Delegation
}
old = n
n = n.Right
}

64
middleware/file/zone.go
View File

@@ -5,6 +5,7 @@ import (
"log"
"os"
"path"
"strings"
"sync"
"github.com/miekg/coredns/middleware"
@@ -15,11 +16,10 @@ import (
)
type Zone struct {
SOA *dns.SOA
SIG []dns.RR
origin string
file string
*tree.Tree
Apex Apex
TransferTo []string
StartupOnce sync.Once
@@ -31,6 +31,13 @@ type Zone struct {
// TODO: shutdown watcher channel
}
type Apex struct {
SOA *dns.SOA
NS []dns.RR
SIGSOA []dns.RR
SIGNS []dns.RR
}
// NewZone returns a new zone.
func NewZone(name, file string) *Zone {
z := &Zone{origin: dns.Fqdn(name), file: path.Clean(file), Tree: &tree.Tree{}, Expired: new(bool)}
@@ -44,28 +51,50 @@ func (z *Zone) Copy() *Zone {
z1.TransferTo = z.TransferTo
z1.TransferFrom = z.TransferFrom
z1.Expired = z.Expired
z1.SOA = z.SOA
z1.SIG = z.SIG
z1.Apex = z.Apex
return z1
}
// Insert inserts r into z.
func (z *Zone) Insert(r dns.RR) error {
r.Header().Name = strings.ToLower(r.Header().Name)
switch h := r.Header().Rrtype; h {
case dns.TypeNS:
r.(*dns.NS).Ns = strings.ToLower(r.(*dns.NS).Ns)
if r.Header().Name == z.origin {
z.Apex.NS = append(z.Apex.NS, r)
return nil
}
case dns.TypeSOA:
z.SOA = r.(*dns.SOA)
r.(*dns.SOA).Ns = strings.ToLower(r.(*dns.SOA).Ns)
r.(*dns.SOA).Mbox = strings.ToLower(r.(*dns.SOA).Mbox)
z.Apex.SOA = r.(*dns.SOA)
return nil
case dns.TypeNSEC3, dns.TypeNSEC3PARAM:
return fmt.Errorf("NSEC3 zone is not supported, dropping")
case dns.TypeRRSIG:
if x, ok := r.(*dns.RRSIG); ok && x.TypeCovered == dns.TypeSOA {
z.SIG = append(z.SIG, x)
x := r.(*dns.RRSIG)
switch x.TypeCovered {
case dns.TypeSOA:
z.Apex.SIGSOA = append(z.Apex.SIGSOA, x)
return nil
case dns.TypeNS:
if r.Header().Name == z.origin {
z.Apex.SIGNS = append(z.Apex.SIGNS, x)
return nil
}
fallthrough
default:
z.Tree.Insert(r)
}
case dns.TypeCNAME:
r.(*dns.CNAME).Target = strings.ToLower(r.(*dns.CNAME).Target)
case dns.TypeMX:
r.(*dns.MX).Mx = strings.ToLower(r.(*dns.MX).Mx)
case dns.TypeSRV:
r.(*dns.SRV).Target = strings.ToLower(r.(*dns.SRV).Target)
}
z.Tree.Insert(r)
return nil
}
@@ -88,16 +117,22 @@ func (z *Zone) TransferAllowed(state middleware.State) bool {
func (z *Zone) All() []dns.RR {
z.reloadMu.RLock()
defer z.reloadMu.RUnlock()
records := []dns.RR{}
allNodes := z.Tree.All()
for _, a := range allNodes {
records = append(records, a.All()...)
}
if len(z.SIG) > 0 {
records = append(z.SIG, records...)
if len(z.Apex.SIGNS) > 0 {
records = append(z.Apex.SIGNS, records...)
}
return append([]dns.RR{z.SOA}, records...)
records = append(z.Apex.NS, records...)
if len(z.Apex.SIGSOA) > 0 {
records = append(z.Apex.SIGSOA, records...)
}
return append([]dns.RR{z.Apex.SOA}, records...)
}
func (z *Zone) Reload(shutdown chan bool) error {
@@ -132,8 +167,7 @@ func (z *Zone) Reload(shutdown chan bool) error {
continue
}
// copy elements we need
z.SOA = zone.SOA
z.SIG = zone.SIG
z.Apex = zone.Apex
z.Tree = zone.Tree
z.reloadMu.Unlock()
log.Printf("[INFO] Successfully reloaded zone `%s'", z.origin)