* plugin/dnssec: use entire RRset as key input
This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.
As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintannce loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/dnssec/cache.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/bind: exclude interface or ip address
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* fix README.md
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Apply suggestions, Fix test
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Apply suggestions, move errs to setup
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
To combat label cardinality explosions remove the type from metrics.
This was most severe in the histogram for request duration, remove it
there.
It's also highlighted difference between grpc and forward code, where
forward did use type and grpc didn't; getting rid of all that "fixes"
that discrepancy
Move monitor.go back into the vars directory and make it private again.
Also name it slightly better
Fixes: #4507
Signed-off-by: Miek Gieben <miek@miek.nl>
When the interface doesn't exist you get:
plugin/bind: not a valid IP address: eth0
Fix the wording that this can also be interface name. Also %q the
argument in the error mesg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Discard link-local addresses on binding
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Update plugin/bind: README.md
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Except for IPv6 link-local only
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* auto make -f Makefile.doc
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Bind by interface name
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* README.md: Interface with multiple address
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* auto make -f Makefile.doc
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* auto make -f Makefile.doc
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Elaborate more on the behaviour in README.md, revert man/*, fix tests
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* auto make -f Makefile.doc
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* --sign-off
Revert man/* to fix DCO check
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* auto make -f Makefile.doc
* Revert man/* to fix DCO check
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
Co-authored-by: coredns-auto-go-mod-tidy[bot] <coredns-auto-go-mod-tidy[bot]@users.noreply.github.com>
* transfer: reply with refused
When the *transfer* plugin is not loaded and of the handlers will still
see the AXFR/IXFR request because it is not intercepted.
They need to reply with REFUSED in that case. Update file, auto and k8s
to do this. Add testcase in the file plugin.
Ideally *erratic* should be moved over as well, but maybe that's
*erratic*
This is a bug fix.
Signed-off-by: Miek Gieben <miek@miek.nl>
* import path
Signed-off-by: Miek Gieben <miek@miek.nl>
When err=nil try to determine the version of the k8s cluster and disable
endpoint slices. Don't return from connecting to the cluster.
In the future we should just default to true, and delete all this code.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Rewrite plugin - rewrite SRV targets and names in response answer and additional records
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Added README content to describe new behaviour
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Added more record types to rewrite handling based on PR/Issue feedback
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Updated README.md for plugin
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Updated unit tests.
Small refactor of getTarget... function.
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Refactor to add response value rewrite as answer value option
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* Removed TODO comment, added test for NAPTR record.
Signed-off-by: Nic Colledge <nic@njcolledge.net>
* plugin/sign: track zone file's mtime
Resign if the original zone's mtime is change in some way.
Closes#4407
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/sign/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Yong Tang <yong.tang.github@outlook.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/transfer: only allow outgoing axfr over tcp
Return refused when the query comes in over udp.
No need to add a new test case as the current crop needed to be changed
to use TCP.
Fixes: #4450
Signed-off-by: Miek Gieben <miek@miek.nl>
* transfer tests: this needs tcp as well
Signed-off-by: Miek Gieben <miek@miek.nl>
Copy the msg to prevent messing with the (via the pointer) original
created message that may be stored in the cache or anything other data
store.
Signed-off-by: Miek Gieben <miek@miek.nl>
Currently ACLs only allow for allow and block, however it isn't
always desirable to set the status code to REFUSED. Often times
you want to completely hide the fact that those records even exist.
Adding the ability to acl to filter results makes it significantly
harder for a third party to know that the records are being masked.
Signed-off-by: George Shammas <george@shamm.as>
* Revert "make copies of RRs before returning them (#4409)"
This reverts commit 8b2ff6c388.
* Document copying responses
See #4409 and the comments. This documents that issue, but doesn't
change the in-tree plugins just yet.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/forward Add rcode and rtype to request_duration_seconds metric
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
* Control the cardinality of query type
Signed-off-by: Maxime Ginters <maxime.ginters@shopify.com>
PR #4161 is stalled. Tried to cherry pick the code from there, but that
led to conflicts, manually copying over while taking into account the
comments on that PR. Use that code and extend the error checking, don't
modify existing tests and make the badwriter test simpler.
Closes: #4161
Signed-off-by: Miek Gieben <miek@miek.nl>
add tests
Signed-off-by: Miek Gieben <miek@miek.nl>
Make this vastly simpler and more efficient. Adding all the bytes and
then letting loose fnv doesn't add anything and may actually do the
wrong thing.
See: #3953Fixes: #3953
Signed-off-by: Miek Gieben <miek@miek.nl>
* Azure Plugin: Iterate over all pages for records
Signed-off-by: Manuel Gugger <manuel.gugger@gmail.com>
* Azure Plugin: use := for assignment
Signed-off-by: Manuel Gugger <manuel.gugger@gmail.com>
* Remove unnecessary return param
Signed-off-by: Manuel Gugger <manuel.gugger@gmail.com>
