dependabot[bot]
9210bd145d
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.39.2 to 1.39.3 ( #7627 )
2025-10-20 07:07:08 -07:00
dependabot[bot]
c34a0a67ab
build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds ( #7623 )
2025-10-20 07:05:45 -07:00
dependabot[bot]
f19bf73bb2
build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #7625 )
2025-10-20 16:54:35 +03:00
rpb-ant
109b3f47de
Update multisocket README.md ( #7621 )
...
* Update multisocket README.md
I was a bit confused why `multisocket` wasn't working for me, but I eventually found 38c020941b/core/dnsserver/register.go (L308)rpb@anthropic.com >
* Update plugin/multisocket/README.md
Co-authored-by: Ville Vesilehto <ville@vesilehto.fi >
Signed-off-by: Ryan Brewster <rpb@anthropic.com >
---------
Signed-off-by: Ryan Brewster <rpb@anthropic.com >
Co-authored-by: Ville Vesilehto <ville@vesilehto.fi >
2025-10-17 19:16:29 +03:00
Ville Vesilehto
f4ab631ae4
fix(forward): disallow NOERROR in failover ( #7622 )
...
Previously the parsing logic in the forward plugin setup failed to
recognise when NOERROR was used as a failover RCODE criteria. The
check was in the wrong code branch. This PR fixes it and adds
validation tests. Also updates the plugin README.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-10-17 14:37:02 +03:00
Ville Vesilehto
38c020941b
chore: bump Go version to 1.25.3 ( #7616 )
...
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-10-14 15:18:26 -07:00
Ville Vesilehto
f085ed0e6d
fix(multisocket): cap num sockets to prevent OOM ( #7615 )
2025-10-14 07:31:57 -07:00
dependabot[bot]
89bf0a2cc2
build(deps): bump google.golang.org/api from 0.251.0 to 0.252.0 ( #7607 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.251.0 to 0.252.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.251.0...v0.252.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.252.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-14 10:24:28 +03:00
dependabot[bot]
344bb82f53
build(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 ( #7608 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.75.1 to 1.76.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.75.1...v1.76.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.76.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-14 08:44:19 +03:00
dependabot[bot]
eb10948689
build(deps): bump github.com/prometheus/common from 0.66.1 to 0.67.1 ( #7609 )
...
Bumps [github.com/prometheus/common](https://github.com/prometheus/common ) from 0.66.1 to 0.67.1.
- [Release notes](https://github.com/prometheus/common/releases )
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/common/compare/v0.66.1...v0.67.1 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-version: 0.67.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 18:51:59 +03:00
dependabot[bot]
73705d0bcd
build(deps): bump github/codeql-action from 3.30.6 to 4.30.8 ( #7612 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.30.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...f443b600d9support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13 18:46:55 +03:00
dependabot[bot]
2947e133d8
build(deps): bump softprops/action-gh-release from 2.3.4 to 2.4.1 ( #7613 )
2025-10-13 16:37:16 +02:00
dependabot[bot]
1cc68b6bf0
build(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 ( #7606 )
2025-10-13 16:36:24 +02:00
dependabot[bot]
aeb68d2c53
build(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 ( #7611 )
2025-10-13 16:34:36 +02:00
Rick Fletcher
ed05cffcd4
fix: update broken link to expr language definition ( #7604 )
...
Signed-off-by: Rick Fletcher <fletch@pobox.com >
2025-10-10 18:24:14 -07:00
Yong Tang
1db4568df6
Bump version to 1.13.1 ( #7599 )
2025-10-08 08:26:37 -07:00
Yong Tang
3ccbd6ab6c
Bump golang to 1.25.2 and golang.org/x/net to v0.45.0 ( #7598 )
2025-10-08 08:26:18 -07:00
dependabot[bot]
84722ab95b
build(deps): bump google.golang.org/api from 0.250.0 to 0.251.0 ( #7596 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.250.0 to 0.251.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.250.0...v0.251.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.251.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 18:04:47 -07:00
dependabot[bot]
a36db64d1a
build(deps): bump actions/stale from 10.0.0 to 10.1.0 ( #7593 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](3a9db7e6a4...5f858e3efbsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06 18:04:37 -07:00
dependabot[bot]
b2a6ca08ed
build(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.55.0 ( #7595 )
2025-10-06 11:19:52 -07:00
dependabot[bot]
600098f10b
build(deps): bump softprops/action-gh-release from 2.3.3 to 2.3.4 ( #7597 )
2025-10-06 11:19:37 -07:00
dependabot[bot]
0e6535b06e
build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #7594 )
2025-10-06 11:18:54 -07:00
dependabot[bot]
0578a2a4ff
build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 ( #7592 )
2025-10-06 11:18:35 -07:00
dependabot[bot]
d23f7358bf
build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 ( #7591 )
2025-10-06 16:48:54 +03:00
Ville Vesilehto
6676e6185d
fix(sign): reject invalid UTF‑8 dbfile token ( #7589 )
...
The coredns/caddy lexer replaces invalid UTF‑8 bytes in tokens with
U+FFFD. When that lossy-decoded value is used as `dbfile` in the sign
plugin, the source zone file path never exists. On startup/refresh,
the `resign()` function sees the signed file missing and triggers
signing. Consequently `Sign()` then fails opening the bogus path,
the signed file is never created, and the cycle repeats across all
expanded origins (e.g., reverse CIDRs), causing unbounded churn/OOM.
Validate `dbfile` in setup and error if it contains U+FFFD. Add a
regression test.
Note: Unicode paths are supported; only U+FFFD (replacement-rune) is rejected.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-10-06 00:06:28 -07:00
Catena cyber
625f6c9307
perf: avoid string concatenation in loops ( #7572 )
...
* perf: avoid string concatenation in loops
Apply perfpsrint linter
Signed-off-by: Philippe Antoine <contact@catenacyber.fr >
* ci: enable perfsprint
Signed-off-by: Philippe Antoine <contact@catenacyber.fr >
---------
Signed-off-by: Philippe Antoine <contact@catenacyber.fr >
2025-10-06 00:05:58 -07:00
Yong Tang
51f94b0bb4
Bump version 1.13.0 ( #7587 )
2025-09-30 12:46:15 -07:00
Ville Vesilehto
9a57d9693c
fix(caddyfile): infinite loop on unclosed braces ( #7571 )
...
Update coredns/caddy to a version where Dispenser.NextBlock()
checks Next() and stops at EOF. This ensures forward progress
and prevents an infinite loop when a block is missing a closing '}'
under certain conditions.
Added a regression test.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-30 09:36:13 -07:00
Olli Janatuinen
83ce0baeac
plugin/nomad: Add a Nomad plugin ( #7467 )
...
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com >
2025-09-30 09:35:32 -07:00
dependabot[bot]
bc6e015a37
build(deps): bump github.com/aws/aws-sdk-go-v2/config ( #7580 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.31.8 to 1.31.11.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.31.8...config/v1.31.11 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-version: 1.31.11
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 21:51:42 -07:00
dependabot[bot]
294532a355
build(deps): bump github.com/aws/aws-sdk-go-v2/credentials ( #7578 )
...
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2 ) from 1.18.12 to 1.18.15.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.12...config/v1.18.15 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
dependency-version: 1.18.15
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 19:35:13 -07:00
dependabot[bot]
107fb3ca7f
build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 ( #7577 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2 ) from 1.58.2 to 1.58.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.58.2...service/route53/v1.58.4 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/route53
dependency-version: 1.58.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 17:21:24 -07:00
dependabot[bot]
7e31e2aec6
build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 ( #7588 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.7.3 to 4.8.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](595b5aeba7...56339e523csupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 17:21:00 -07:00
dependabot[bot]
f6e2fa47f0
build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds ( #7584 )
...
Bumps [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2 ) from 1.18.7 to 1.18.9.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.9/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.7...config/v1.18.9 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds
dependency-version: 1.18.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 14:59:17 -07:00
dependabot[bot]
87d46e6f9e
build(deps): bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1 ( #7579 )
...
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go ) from 0.54.0 to 0.54.1.
- [Release notes](https://github.com/quic-go/quic-go/releases )
- [Commits](https://github.com/quic-go/quic-go/compare/v0.54.0...v0.54.1 )
---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
dependency-version: 0.54.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 14:48:32 -07:00
dependabot[bot]
8d8caf35b9
build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager ( #7585 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2 ) from 1.39.4 to 1.39.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/amp/v1.39.4...service/sfn/v1.39.6 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
dependency-version: 1.39.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 14:36:33 -07:00
dependabot[bot]
c565c39e0e
build(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 ( #7586 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.249.0 to 0.250.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.249.0...v0.250.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.250.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 14:23:05 -07:00
dependabot[bot]
874354157f
build(deps): bump docker/login-action from 3.5.0 to 3.6.0 ( #7581 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](184bdaa072...5e57cd1181support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 20:59:47 +03:00
dependabot[bot]
3d6f793c9a
build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 ( #7583 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...3599b3baa1support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29 20:59:32 +03:00
Ville Vesilehto
70fb03f711
fix(file): fix data race in tree Elem.Name ( #7574 )
...
Eagerly set name in newElem and make Name() read-only to avoid
racy lazy writes under concurrent lookups. Add tests for empty-name
comparisons and concurrent access to Less/Name(). In addition,
regression tests to CloudDNS plugin.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-28 19:49:47 -07:00
Ilya Kulakov
eafc352f58
dnsserver: Rely on dns.Server.ShutdownContext to gracefully stop ( #7517 )
2025-09-27 06:34:03 -07:00
dependabot[bot]
a1dfc2c84d
build(deps): bump the go-etcd-io group with 2 updates ( #7570 )
...
Bumps the go-etcd-io group with 2 updates: [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd ) and [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd ).
Updates `go.etcd.io/etcd/api/v3` from 3.6.4 to 3.6.5
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.4...v3.6.5 )
Updates `go.etcd.io/etcd/client/v3` from 3.6.4 to 3.6.5
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.4...v3.6.5 )
---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/api/v3
dependency-version: 3.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-etcd-io
- dependency-name: go.etcd.io/etcd/client/v3
dependency-version: 3.6.5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go-etcd-io
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 07:33:23 -07:00
Ville Vesilehto
31e285994b
plugin/loop: avoid panic on invalid server block ( #7568 )
...
Ignore invalid ServerBlockKeys in loop plugin that fail
normalization. Retain the default “.” zone instead of
indexing into an empty slice. This prevents an
index-out-of-range panic triggered by malformed
inputs such as "unix://".
Added tests to validate and increase test coverage.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-21 22:44:36 -07:00
Ville Vesilehto
0d05791404
lint: enable nakedret ( #7569 )
...
Replace naked returns with explicit return values to satisfy nakedret
linter and improve readability.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-21 08:17:35 -07:00
Ville Vesilehto
dd029c931f
chore: bump coredns/caddy dependency to latest ( #7567 )
...
To fix Corefile related import cycle issue. Update docs.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-20 16:33:00 -07:00
Ville Vesilehto
6ec327836b
fix: prevent SIGTERM/reload deadlock ( #7562 )
2025-09-19 04:01:53 -07:00
Ville Vesilehto
5532ba8484
fix(plugin): prevent panic when ListenHosts is empty ( #7565 )
2025-09-19 03:59:37 -07:00
Ville Vesilehto
051d8d6f05
fix(plugin): normalize panics on invalid origins ( #7563 )
...
Previously OriginsFromArgsOrServerBlock accessed the output of
NormalizeExact() by index 0, which could panic when normalization
returned an empty slice on error. This happens with malformed input
surfaced by fuzzing, for example "unix://<non‑UTF8>".
This change hardens normalization in the server block path.
If normalization yields no entries, the original value is preserved.
The function still returns a newly copied slice.
This preserves legacy semantics for valid inputs while eliminating
the crash on malformed ones. Added tests to validate.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-18 19:15:40 -07:00
Ville Vesilehto
0440e54bcf
fix(dnstap): add bounds for plugin args ( #7557 )
...
Validate dnstap writebuffer (MiB) and queue (x10k) args. Reject
non-integers and out-of-range values with clear errors. Updated
plugin documentation and tests.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-18 19:14:51 -07:00
Ville Vesilehto
3c950b8552
fix(forward): deflake TestFailover ( #7558 )
...
In CI, the first two upstream attempts can stall on UDP and each
consume the default 2s read timeout. Possibly exhausting most of
the 5s forward deadline before the healthy third upstream is tried.
Lower the read timeout to make retries faster.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi >
2025-09-15 14:28:26 -07:00
