The filtering of DNSSEC records in the cache plugin was not done
correctly. Also the change to introduced this bug didn't take into
account that the cache - by virtue of differentiating between DNSSEC and
no-DNSSEC - relied on not copying the data from the cache.
This change copies and then filters the data and factors the filtering
into a function that is used in two places (albeit with on ugly boolean
parameters to prevent copying things twice).
Add tests, do_test.go is moved to test/cache_test.go because the OPT
handing is done outside of the cache plugin. The core server re-attaches
the correct OPT when replying, so that makes for a better e2e test.
Added small unit test for filterRRslice and an explicit test that asks
for DNSSEC first and then plain, and vice versa to test cache behavior.
Fixes: #4146
Signed-off-by: Miek Gieben <miek@miek.nl>
* For caddy v1 in our org
This RP changes all imports for caddyserver/caddy to coredns/caddy. This
is the v1 code of caddy.
For the coredns/caddy repo the following changes have been made:
* anything not needed by us is deleted
* all `telemetry` stuff is deleted
* all its import paths are also changed to point to coredns/caddy
* the v1 branch has been moved to the master branch
* a v1.1.0 tag has been added to signal the latest release
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix imports
Signed-off-by: Miek Gieben <miek@miek.nl>
* Group coredns/caddy with out plugins
Signed-off-by: Miek Gieben <miek@miek.nl>
* remove this file
Signed-off-by: Miek Gieben <miek@miek.nl>
* Relax import ordering
github.com/coredns is now also a coredns dep, this makes
github.com/coredns/caddy fit more natural in the list.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix final import
Signed-off-by: Miek Gieben <miek@miek.nl>
* cache: default to DNSSEC
This change does away with the DNS/DNSSEC distinction the cache
currently makes. Cache will always make coredns perform a DNSSEC query
and store that result. If a client just needs plain DNS, the DNSSEC
records are stripped from the response.
It should also be more memory efficient, because we store a reply once
and not one DNS and another for DNSSEC.
Fixes: #3836
Signed-off-by: Miek Gieben <miek@miek.nl>
* Change OPT RR when one is present in the msg.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Update plugin/cache/item.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Code review; fix comment for isDNSSEC
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update doc and set AD to false
Set Authenticated Data to false when DNSSEC was not wanted. Also update
the readme with the new behavior.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update plugin/cache/handler.go
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Updates the notes with latest PRs. I want the cache PR to be included in
this release as well, if possible.
Should release somewhere this week.
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/trace: fix struct allignment
A 64 bit entity needs to be the first in a struct to make it work on 32
bit systems.
Fixes: #4111
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/erratic does makes the same mistake
Signed-off-by: Miek Gieben <miek@miek.nl>
* plugin/forward: init ClientSessionCache in tls.Config
- ClientSessionCache may speed up a TLS handshake in upcoming connections
to the same TLS server
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* add comment
Signed-off-by: Ruslan Drozhdzh <rdrozhdzh@infoblox.com>
* Update the 1.7.1 notes
Add bunch of PR, remote the text that should show up in the 1.8.0
release.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update notes/coredns-1.7.1.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
* Enable debug globally if enabled in any server config
It was currently enabled only if the plugin debug
was enabled in the last server config of the Corefile.
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Add test and update debug's README
Signed-off-by: Olivier Lemasle <o.lemasle@gmail.com>
* Update README.md
Specify that serial must change for the zone file to be reloaded.
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
* Update plugin/auto/README.md
Co-authored-by: Miek Gieben <miek@miek.nl>
Signed-off-by: Grant Garrett-Grossman <grantlg2@illinois.edu>
Co-authored-by: Miek Gieben <miek@miek.nl>
