dependabot[bot]
6bb2abd982
build(deps): bump the k8s-io group with 2 updates
...
Bumps the k8s-io group with 2 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ) and [k8s.io/client-go](https://github.com/kubernetes/client-go ).
Updates `k8s.io/apimachinery` from 0.34.3 to 0.35.0
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.34.3...v0.35.0 )
Updates `k8s.io/client-go` from 0.34.3 to 0.35.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kubernetes/client-go/compare/v0.34.3...v0.35.0 )
---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: k8s-io
- dependency-name: k8s.io/client-go
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: k8s-io
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-09 15:09:09 +00:00
Ville Vesilehto
d8f793b724
chore: bump Go version to 1.25.7 ( #7843 )
2026-02-06 09:15:36 -08:00
vflaux
30c20b52ff
refactor(cache): modernize with generics ( #7842 )
2026-02-03 17:23:53 -08:00
dependabot[bot]
923a8b5d2b
build(deps): bump google.golang.org/api from 0.262.0 to 0.264.0 ( #7840 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.262.0 to 0.264.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.262.0...v0.264.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.264.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 20:42:47 +02:00
dependabot[bot]
8d3ad1aef3
build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 ( #7841 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.11 to 4.32.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](19b2f06db2...b20883b0cdsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 20:42:12 +02:00
dependabot[bot]
cd62dd2194
build(deps): bump docker/login-action from 3.6.0 to 3.7.0 ( #7839 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](5e57cd1181...c94ce9fb46support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 20:41:28 +02:00
Kelly Kane
b3d79f59e5
Add metadata for response Type and Class to Log. ( #7806 )
2026-01-26 08:03:03 -08:00
dependabot[bot]
b722aadc44
build(deps): bump google.golang.org/api from 0.260.0 to 0.262.0 ( #7835 )
2026-01-26 08:01:49 -08:00
dependabot[bot]
ccd88b2c01
build(deps): bump github.com/miekg/dns from 1.1.70 to 1.1.72 ( #7837 )
2026-01-26 08:01:13 -08:00
dependabot[bot]
f5cf4d0639
build(deps): bump actions/checkout from 6.0.1 to 6.0.2 ( #7838 )
2026-01-26 17:03:56 +02:00
dependabot[bot]
a6f34e412b
build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 ( #7836 )
2026-01-26 17:03:11 +02:00
Henrik Gerdes
7f410524d0
docs: clarify kubernetes auth docs ( #7831 )
...
Signed-off-by: Henrik Gerdes <hegerdes@outlook.de >
2026-01-21 18:36:11 -08:00
Shiv Tyagi
f1f0955cb9
fix: return SOA and NS records when queried for a record CNAMEd to origin ( #7808 )
...
* fix: return SOA and NS records when queried for a record CNAMEd to origin
Signed-off-by: Shiv Tyagi <shivtyagi3015@gmail.com >
* chore(test): add test for covering cname to origin scenario in file plugin
Signed-off-by: Shiv Tyagi <shivtyagi3015@gmail.com >
---------
Signed-off-by: Shiv Tyagi <shivtyagi3015@gmail.com >
2026-01-21 18:35:48 -08:00
dependabot[bot]
1c9575747f
build(deps): bump google.golang.org/api from 0.259.0 to 0.260.0 ( #7833 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.259.0 to 0.260.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.259.0...v0.260.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.260.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-21 18:35:18 -08:00
dependabot[bot]
b6c8ac701d
build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 ( #7832 )
2026-01-19 18:00:23 +02:00
Yong Tang
80527fd389
Bump golang to 1.25.6 ( #7827 )
2026-01-16 06:47:07 +02:00
Yong Tang
edc4193220
Bump version to 1.14.1 ( #7826 )
2026-01-14 10:54:09 -08:00
Ville Vesilehto
f3983c1111
perf(proxy): use mutex-based connection pool ( #7790 )
...
* perf(proxy): use mutex-based connection pool
The proxy package (used for example by the forward plugin) utilized
an actor model where a single connManager goroutine managed
connection pooling via unbuffered channels (dial, yield, ret). This
design serialized all connection acquisition and release operations
through a single goroutine, creating a bottleneck under high
concurrency. This was observable as a performance degradation when
using a single upstream backend compared to multiple backends
(which sharded the bottleneck).
Changes:
- Removed dial, yield, and ret channels from the Transport struct.
- Removed the connManager goroutine's request processing loop.
- Implemented Dial() and Yield() using a sync.Mutex to protect the
connection slice, allowing for fast concurrent access without
context switching.
- Downgraded connManager to a simple background cleanup loop that
only handles connection expiration on a ticker.
- Updated plugin/pkg/proxy/connect.go to use direct method calls
instead of channel sends.
- Updated tests to reflect the removal of internal channels.
Benchmarks show that this change eliminates the single-backend
bottleneck. Now a single upstream backend performs on par with
multiple backends, and overall throughput is improved.
The implementation aligns with standard Go patterns for connection
pooling (e.g., net/http.Transport).
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* fix: address PR review for persistent.go
- Named mutex field instead of embedding, to not expose
Lock() and Unlock()
- Move stop check outside of lock in Yield()
- Close() without a separate goroutine
- Change stop channel to struct
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* fix: address code review feedback for conn pool
- Switch from LIFO to FIFO connection selection for source port
diversity, reducing DNS cache poisoning risk (RFC 5452).
- Remove "clear entire cache" optimization as it was LIFO-specific.
FIFO naturally iterates and skips expired connections.
- Remove all goroutines for closing connections; collect connections
while holding lock, close synchronously after releasing lock.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* fix: remove unused error consts
No longer utilised after refactoring the channel based approach.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* feat(forward): add max_idle_conns option
Add configurable connection pool limit for the forward plugin via
the max_idle_conns Corefile option.
Changes:
- Add SetMaxIdleConns to proxy
- Add maxIdleConns field to Forward struct
- Add max_idle_conns parsing in forward plugin setup
- Apply setting to each proxy during configuration
- Update forward plugin README with new option
By default the value is 0 (unbounded). When set, excess
connections returned to the pool are closed immediately
rather than cached.
Also add a yield related test.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* chore(proxy): simple Dial by closing conns inline
Remove toClose slice collection to reduce complexity. Instead close
expired connections directly while iterating. Reduces complexity with
negligible lock-time impact.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
* chore: fewer explicit Unlock calls
Cleaner and less chance of forgetting to unlock on new possible
code paths.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
---------
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2026-01-13 17:49:46 -08:00
Alex Massy
d8ff130a00
Add Quick Start section with minimal Corefile example ( #7809 )
...
Signed-off-by: Alxmassy <alexmassy2005@gmail.com >
2026-01-13 15:22:54 +02:00
dependabot[bot]
dd62f6e038
build(deps): bump github.com/aws/aws-sdk-go-v2/config ( #7816 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.32.6 to 1.32.7.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.7 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-version: 1.32.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 19:11:00 -08:00
dependabot[bot]
30c8af200b
build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager ( #7824 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2 ) from 1.41.0 to 1.41.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.41.0...v1.41.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
dependency-version: 1.41.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 19:10:45 -08:00
dependabot[bot]
e25fd686dc
build(deps): bump github.com/aws/aws-sdk-go-v2/credentials ( #7811 )
...
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2 ) from 1.19.6 to 1.19.7.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.19.6...service/m2/v1.19.7 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
dependency-version: 1.19.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 18:08:11 -08:00
dependabot[bot]
23309e947c
build(deps): bump github.com/prometheus/common from 0.67.4 to 0.67.5 ( #7823 )
2026-01-12 16:37:42 -08:00
dependabot[bot]
d6d807e52e
build(deps): bump google.golang.org/api from 0.258.0 to 0.259.0 ( #7821 )
2026-01-12 16:37:31 -08:00
dependabot[bot]
08f3c4311a
build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 ( #7812 )
2026-01-12 16:37:22 -08:00
dependabot[bot]
33c02b6fcf
build(deps): bump github.com/miekg/dns from 1.1.69 to 1.1.70 ( #7814 )
2026-01-12 12:49:24 -08:00
dependabot[bot]
04d4ec0f6a
build(deps): bump github.com/quic-go/quic-go from 0.58.0 to 0.59.0 ( #7813 )
2026-01-12 12:49:06 -08:00
dependabot[bot]
d73e66a3fc
build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds ( #7815 )
2026-01-12 12:48:52 -08:00
dependabot[bot]
82baaf2ed4
build(deps): bump github.com/DataDog/dd-trace-go/v2 from 2.4.1 to 2.5.0 ( #7817 )
2026-01-12 12:48:43 -08:00
dependabot[bot]
e61efe7997
build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 ( #7818 )
2026-01-12 12:48:20 -08:00
dependabot[bot]
984760e6d4
build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 ( #7810 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.9 to 4.31.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5d4e8d1aca...cdefb33c0fsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 20:30:07 +02:00
Shiv Tyagi
5fb9804713
chore: allow to override -ldflags via ENV VAR for make coredns target ( #7807 )
2026-01-12 08:51:45 -08:00
Yong Tang
1c964f2f68
Bump version to 1.14.0 ( #7803 )
2026-01-06 20:21:18 -08:00
Ville Vesilehto
b723bd94d4
fix(plugins): add regex length limit ( #7802 )
2026-01-05 09:48:48 -08:00
Raisa Kabir
adba778626
Refactor: Update the cache getter function ( #7800 )
...
Rename the cache getter function to reflect the true functionality of retrieving with
TTL consideration.
Refs: https://github.com/coredns/coredns/issues/6505
Signed-off-by: Raisa Kabir <raisa.kabir2010@gmail.com >
2026-01-05 18:24:04 +02:00
Syed Azeez
6dca5b26d1
fix(lint): address G114 gosec findings in ready, pprof, and health plugins ( #7798 )
...
Replace http.Serve() with http.Server{} configured with timeouts to
address G114 gosec findings (HTTP server without timeouts). This
prevents potential slowloris attacks and resource exhaustion.
Changes:
- Add ReadTimeout, WriteTimeout, IdleTimeout (5s each) to HTTP servers
- Use srv.Shutdown(ctx) for graceful shutdown instead of ln.Close()
- Follow existing pattern from plugin/metrics
Fixes part of #7793
Signed-off-by: Azeez Syed <syedazeez337@gmail.com >
2026-01-01 11:25:37 +02:00
Syed Azeez
7b38eb8625
plugin: fix gosec G115 integer overflow warnings ( #7799 )
...
Fix integer overflow conversion warnings (G115) by adding appropriate
suppressions where values are provably bounded.
Fixes: https://github.com/coredns/coredns/issues/7793
Changes:
- Updated 56 G115 annotations to use consistent // #nosec G115 format
- Added 2 //nolint:gosec suppressions for conditional expressions
- Removed G115 exclusion from golangci.yml (now explicitly handled per-line)
Suppressions justify why each conversion is safe (e.g., port numbers
are bounded 1-65535, DNS TTL limits, pool lengths, etc.)
Signed-off-by: Azeez Syed <syedazeez337@gmail.com >
2026-01-01 10:20:29 +02:00
Ville Vesilehto
be934b2b06
perf(metrics): implement plugin chain tracking ( #7791 )
...
Remove expensive runtime.Caller calls from metrics Recorder.WriteMsg
by tracking the responding plugin through the plugin chain instead.
- Add PluginTracker interface and pluginWriter wrapper in plugin.go
- Modify NextOrFailure to wrap ResponseWriter with plugin name
- Update metrics Recorder to implement PluginTracker
- Remove authoritativePlugin method using filepath inspection
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-12-29 14:33:12 -08:00
Ville Vesilehto
b21c752d7f
chore(lint): enable gosec ( #7792 )
...
Enable "gosec" linter.
Exclude:
- All G115 (integer overflow) findings, to be fixed separately.
Add targeted gosec annotations for:
- non-crypto math/rand usage
- md5 used only for file change detection
- G114 ("net/http serve with no timeout settings"), to be fixed
separately.
Other findings fixed.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-12-29 14:01:27 -08:00
dependabot[bot]
1e0095d9b0
build(deps): bump github.com/oschwald/geoip2-golang/v2 ( #7797 )
...
Bumps [github.com/oschwald/geoip2-golang/v2](https://github.com/oschwald/geoip2-golang ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/oschwald/geoip2-golang/releases )
- [Changelog](https://github.com/oschwald/geoip2-golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/oschwald/geoip2-golang/compare/v2.0.1...v2.1.0 )
---
updated-dependencies:
- dependency-name: github.com/oschwald/geoip2-golang/v2
dependency-version: 2.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-29 14:01:01 -08:00
dependabot[bot]
748f494776
build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 ( #7796 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.77.0 to 1.78.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.78.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-29 15:18:58 +02:00
Ville Vesilehto
376c712d4f
chore(ci): bump golangci-lint to v2.7.2 ( #7783 )
2025-12-23 22:05:34 +02:00
Ville Vesilehto
4f0368f8bf
feat(clouddns): API to 0.258.0 with deprecations ( #7787 )
2025-12-23 11:47:59 -08:00
Ville Vesilehto
d37f7f7754
fix(sign): report parser err before missing SOA ( #7775 )
2025-12-23 09:50:16 -08:00
Ville Vesilehto
fd07d5942f
fix: impossible condition in metrics test ( #7784 )
2025-12-23 09:48:33 -08:00
dependabot[bot]
6053466fcd
build(deps): bump the go-etcd-io group with 2 updates ( #7778 )
2025-12-23 17:50:37 +02:00
dependabot[bot]
318df780d6
build(deps): bump github.com/aws/aws-sdk-go-v2/config ( #7780 )
2025-12-23 17:49:29 +02:00
dependabot[bot]
6418604155
build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 ( #7777 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b168cd394...5d4e8d1acasupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 15:32:08 +02:00
dependabot[bot]
d680bc6494
build(deps): bump github.com/aws/aws-sdk-go-v2/credentials ( #7782 )
...
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2 ) from 1.19.5 to 1.19.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/m2/v1.19.5...service/m2/v1.19.6 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
dependency-version: 1.19.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 15:31:11 +02:00
dependabot[bot]
3243c60ba0
build(deps): bump github.com/quic-go/quic-go from 0.57.1 to 0.58.0 ( #7779 )
...
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go ) from 0.57.1 to 0.58.0.
- [Release notes](https://github.com/quic-go/quic-go/releases )
- [Commits](https://github.com/quic-go/quic-go/compare/v0.57.1...v0.58.0 )
---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
dependency-version: 0.58.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 15:29:50 +02:00
