Make normalize return multiple "hosts" (= reverse zones) when a
non-octet boundary cidr is given.
Added pkg/cidr package that holds the cidr calculation routines; felt
they didn't really fit dnsutil.
This change means the IPNet return parameter isn't needed, the hosts are
all correct. The tests that tests this is also removed: TestSplitHostPortReverse
The fallout was that zoneAddr _also_ doesn't need the IPNet member, that
in turn make it visible that zoneAddr in address.go duplicated a bunch
of stuff from register.go; removed/refactored that too.
Created a plugin.OriginsFromArgsOrServerBlock to help plugins do the
right things, by consuming ZONE arguments; this now expands reverse
zones correctly. This is mostly mechanical.
Remove the reverse test in plugin/kubernetes which is a copy-paste from
a core test (which has since been fixed).
Remove MustNormalize as it has no plugin users.
This change is not backwards compatible to plugins that have a ZONE
argument that they parse in the setup util.
All in-tree plugins have been updated.
Signed-off-by: Miek Gieben <miek@miek.nl>
* core: fix v4 non-octet reverse zones
This fixes the reverse zones handling. Add expanstion of the reverse
notation to all octet boundary subnets and add those to the config - just as if
they were directly typed in the config.
This takes inspiration from #4501, but that (even with DCO!!) seems to
be just using https://github.com/apparentlymart/go-cidr/ so use that
instead - I think a minor function is still needed that one is copied
from #4501.
Also sort the zones we are listing on startup - caught in this PR
because of the expanded zones being not listed next to each other.
This also removes the need for FilterFunc from the config, so this is
now gone as well, making the whole thing slightly more efficient.
Add couple of reverse unit tests and a e2e test that queries for the
correct (and incorrect) reverse zones and checks the reply.
Closes: #4501Fixes: #2779
Signed-off-by: Miek Gieben <miek@miek.nl>
* Add more test cases
Add test from origin bug report: #2779
Signed-off-by: Miek Gieben <miek@miek.nl>
* Rebase and fix conflicts
Signed-off-by: Miek Gieben <miek@miek.nl>
The following test failure for `TestZoneReload` can be observed
periodically:
`file_reload_test.go:58: Expected two RR in answer section got 2`
This failure can be consistently reproduced using the following command
(on my machine, at least):
`( cd test ; go test -v -race -run "TestZoneReload" ./... -count=500)`
test/file_reload_test.go:
Address a typo in a test failure message.
Sleep for double the file reload interval to avoid a rare
race condition between test code and the file plugin's reload code,
which is presumably a result of the time it takes to actually reload.
Signed-off-by: Stephen Greene <sgreene@redhat.com>
* support v1 and v1beta1 endpointslice
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* update comments
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* fix SOA response for non-apex queries
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* handle mixed case
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* do full string compare
Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/rewrite: streamline the ResponseRule handling.
The functionality of a response rule is now completely encapsulated behind
a `ResponseRule` interface. This significantly simplifies the complete
processing flow, it enables more flexible response handling and it is possible
to eliminate lots of state flags, ifs and switches.
Based on the new flexibility the pull request also enables to support a
response name rewrite for all name rewrite types.
To be compatible, an explicit `answer auto` option is added to support
a best effort response rewrite (name and value).
Additionally now all name rewrite rules support additional name and value
reponse rewrite options.
Using this feature it is also possible now to rewrite a complete sub domain
hierarchy to a single domain name combined with a correct rewrite (#2389).
Signed-off-by: Uwe Krueger <uwe.krueger@sap.com>
* revert policy
Signed-off-by: Uwe Krueger <uwe.krueger@sap.com>
Co-authored-by: Miek Gieben <miek@miek.nl>
As commit push holds write access of GITHUB_TOKEN, we may
want to limit the scope of third-party test run.
This PR disable CodeCov on commit push. Pull request is still
ok.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
As dependabot has been failing for some time,
this PR manually updates all dependencies when possible.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* plugin/dnssec: use entire RRset as key input
This uses the entire rrset as input for the hash key; this is to detect
differences in the RRset and generate the correct signature.
As this would then lead to unbounded growth, we periodically (every 8h)
prune the cache of old entries. In theory we could rely on the random
eviction, but it seems nicer to do this in a maintannce loop so that we
remove the unused ones. This required adding a Walk function to the
plugin/pkg/cache.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/dnssec/cache.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* plugin/bind: exclude interface or ip address
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* fix README.md
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Apply suggestions, Fix test
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Apply suggestions, move errs to setup
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
To combat label cardinality explosions remove the type from metrics.
This was most severe in the histogram for request duration, remove it
there.
It's also highlighted difference between grpc and forward code, where
forward did use type and grpc didn't; getting rid of all that "fixes"
that discrepancy
Move monitor.go back into the vars directory and make it private again.
Also name it slightly better
Fixes: #4507
Signed-off-by: Miek Gieben <miek@miek.nl>
When the interface doesn't exist you get:
plugin/bind: not a valid IP address: eth0
Fix the wording that this can also be interface name. Also %q the
argument in the error mesg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Discard link-local addresses on binding
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Update plugin/bind: README.md
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
* Except for IPv6 link-local only
Signed-off-by: Mohammad Yosefpor <myusefpur@gmail.com>
This moves all workflows that commit to a schedule, so that it _doesn't_
push into peoples PRs as that enlarges them and is just non-obvious.
They run throughout the week.
Also change the "user" we use for this, so that DCO believes it a real
email address (DCO is pretty stupid here). Update the authors target to
filter out this bot as well.
Signed-off-by: Miek Gieben <miek@miek.nl>
