Extend the tsig plugin to require TSIG signatures based on DNS opcodes,
similar to the existing qtype-based requirement.
The new require_opcode directive accepts opcode names (QUERY, IQUERY,
STATUS, NOTIFY, UPDATE) or the special values "all" and "none".
This is useful for requiring TSIG on dynamic update (UPDATE) or zone
transfer notification (NOTIFY) requests while allowing unsigned queries.
Example:
```
tsig {
secret key. NoTCJU+DMqFWywaPyxSijrDEA/eC3nK0xi3AMEZuPVk=
require_opcode UPDATE NOTIFY
}
```
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat: add support for running CoreDNS as a Windows service
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* Use non-deprecated service check function.
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* refactor: remove deprecated build tags and clean up imports in service files
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* ci: add Windows test workflow and fix log field access in service_windows.go
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* test: implement cross-platform file permission restriction for Windows compatibility in run_test.go
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* refactor: remove Windows-specific icacls test logic and restrict unreadable file test to non-Windows platforms
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* docs: add documentation for -windows-service flag in man page
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
---------
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* plugin/transfter: Fix longestMatch to select the most specific zone correctly.
This PR Fix longestMatch to select the most specific zone correctly.The previous implementation used lexicographic string comparison, which could choose the wrong zone; this change selects the longest matching zone instead.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Tie breaker
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
---------
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* feat: Add GitHub Actions workflow for drafting releases and update Makefile to build Windows releases as zip archives.
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* Generate both tgz and zip for Windows to support any existing workflows.
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
---------
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* core: Reject oversized GET dns query parameter of DoH
The DoH POST path limits request size using http.MaxBytesReader(..., 65536), but the GET path passes the dns query value directly to base64ToMsg() with no equivalent bound.
This PR adds length check.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
---------
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This PR fixes Fix case-sensitive zone handling in the transfer plugin for AXFR/IXFR, raised in 7898
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Replace github.com/matttproud/golang_protobuf_extensions/pbutil
with google.golang.org/protobuf/encoding/protodelim for reading
varint size-delimited protobuf messages in the metrics scraper.
The new protodelim package is already available via the existing
google.golang.org/protobuf dependency, so this removes pbutil as
a direct dependency entirely.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
