Add optional show_first flag to consolidate directive that logs
the first error immediately and then consolidates subsequent errors.

When show_first is enabled:
- The first matching error is logged immediately with full details
  (rcode, domain, type, error message) using the configured log level
- Subsequent matching errors are consolidated during the period
- At period end:
  - If only one error occurred, no summary is printed (already logged)
  - If multiple errors occurred, summary shows the total count

Syntax:
```
consolidate DURATION REGEXP [LEVEL] [show_first]
```

Example with 3 errors:
```
[WARNING] 2 example.org. A: read udp 10.0.0.1:53->8.8.8.8:53: i/o timeout
[WARNING] 3 errors like '^read udp .* i/o timeout$' occurred in last 30s
```

Example with 1 error:
```
[WARNING] 2 example.org. A: read udp 10.0.0.1:53->8.8.8.8:53: i/o timeout
```

Implementation details:
- Add showFirst bool to pattern struct
- Rename inc() to consolidateError(), return false for showFirst case
- Use function pointer in ServeDNS to unify log calls with proper level
- Simplify logPattern() with single condition (cnt > 1 || !showFirst)
- Refactor parseLogLevel() to parseOptionalParams() with map-based dispatch
- Validate parameter order: log level must come before show_first
- Update README.md with show_first documentation and examples
- Add comprehensive test cases for show_first functionality
Signed-off-by: cangming <cangming@cangming.app>
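
The show_first counting rule described in the commit message above, as an added Go example that is not the CoreDNS plugin's own code. The names `pattern`, `consolidateError` and `logPattern` come from the message; their fields, signatures and bodies, the skip on a zero count, and the sample error string are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sync"
)

// pattern is a hypothetical stand-in for the plugin's per-rule state.
type pattern struct {
	mu        sync.Mutex
	re        *regexp.Regexp
	count     uint32
	showFirst bool
}

// consolidateError reports whether msg was absorbed into the period summary.
// With showFirst set, the first match is counted but returns false so the
// caller logs it in full right away. Non-matching messages also return false.
func (p *pattern) consolidateError(msg string) bool {
	if !p.re.MatchString(msg) {
		return false
	}
	p.mu.Lock()
	defer p.mu.Unlock()
	p.count++
	return !(p.showFirst && p.count == 1)
}

// logPattern runs at period end, resets the counter and returns the summary
// line, or "" when nothing needs printing (assumed: nothing on a zero count).
func (p *pattern) logPattern(period string) string {
	p.mu.Lock()
	defer p.mu.Unlock()
	cnt := p.count
	p.count = 0
	if cnt > 0 && (cnt > 1 || !p.showFirst) {
		return fmt.Sprintf("%d errors like '%s' occurred in last %s", cnt, p.re, period)
	}
	return ""
}

func main() {
	p := &pattern{re: regexp.MustCompile(`^read udp .* i/o timeout$`), showFirst: true}
	msg := "read udp 10.0.0.1:53->8.8.8.8:53: i/o timeout" // constructed sample
	fmt.Println(p.consolidateError(msg), p.consolidateError(msg), p.consolidateError(msg))
	fmt.Println(p.logPattern("30s"))
}
```
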
This PR adds a deprecation notice for the geoip plugin's upcoming
behavior change of 0. Please see PR #7732 for details.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
A very large regex for the auto plugin in the Corefile could cause
CoreDNS to OOM. This change adds an artificial limit of 10k characters
for the regex pattern. Fixes OSS-Fuzz finding #466745384.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
The plugin dropped the actual error message from the log, so the log
becomes completely useless.
Before:
```
[ERROR] plugin/kubernetes: error Failed to watch
```
After:
```
[ERROR] plugin/kubernetes: Failed to watch: failed to list *v1.Namespace: Get "https://10.96.0.1:443/api/v1/namespaces?limit=500&resourceVersion=0": tls: failed to parse certificate from server: x509: SAN dNSName is malformed
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add RWMutex to protect concurrent map access in Set, Unset, and ForEach methods.
Change New() to return *U pointer type for proper synchronization.
Signed-off-by: Cangming H <cangmingh@gmail.com>
Fixes a bug in the forward plugin where an immediate connection
failure (e.g., TCP RST) could trigger an infinite busy loop. The
retry logic failed to increment the "fails" counter when a
connection error occurred, causing the loop condition to
remain permanently true. This patch fixes it and adds a
regression test.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
This commit removes superfluous allocations of the Answer, Ns, and Extra
slices when copying a cached dns.Msg. The allocations are superfluous
because we immediately overwrite the newly copied slices with
filterRRSlice. It also updates filterRRSlice to pre-calculate the size
of the slice being copied into.
Benchmark results:
```
goos: darwin
goarch: arm64
pkg: github.com/coredns/coredns/plugin/cache
cpu: Apple M4 Pro
                 │ base.10.txt │            new.10.txt             │
                 │   sec/op    │   sec/op     vs base              │
CacheResponse-14   471.1n ± 0%   462.9n ± 2%  -1.74% (p=0.009 n=10)

                 │ base.10.txt │            new.10.txt             │
                 │    B/op     │    B/op      vs base              │
CacheResponse-14    672.0 ± 0%    656.0 ± 0%  -2.38% (p=0.000 n=10)

                 │ base.10.txt │            new.10.txt             │
                 │  allocs/op  │  allocs/op   vs base              │
CacheResponse-14    13.00 ± 0%    12.00 ± 0%  -7.69% (p=0.000 n=10)
```
Signed-off-by: Charlie Vieth <charlie.vieth@gmail.com>
This commit changes the CNAME rewrite rule to use a pre-compiled regexp
when the match type is RegexMatch instead of compiling it on-the-fly for
each request. This will also allow for invalid regexp patterns to be
identified during setup instead of causing a panic when the rule is
first invoked.
Signed-off-by: Charlie Vieth <charlie.vieth@gmail.com>
* fix: prevent QUIC reload panic by lazily initializing the listener
ServePacket on reload receives the reused PacketConn before the new
ServerQUIC has recreated its quic.Listener, so quicListener is nil and
the process panics. Lazily initialise quicListener from the provided
PacketConn when it’s nil and then proceed with ServeQUIC.
fixes: #7679
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
* test: add regression test for QUIC reload panic
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
---------
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>