* feat: Add GitHub Actions workflow for drafting releases and update Makefile to build Windows releases as zip archives.
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* Generate both tgz and zip for Windows to support any existing workflows.
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
---------
Signed-off-by: John-Michael Mulesa <jmulesa@gmail.com>
* core: Reject oversized GET dns query parameter of DoH
The DoH POST path limits request size using http.MaxBytesReader(..., 65536), but the GET path passes the dns query value directly to base64ToMsg() with no equivalent bound.
This PR adds a length check.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Fix
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
---------
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
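The bound described in the DoH commit above, as an added example that is not CoreDNS code: a GET handler that rejects an oversized dns value before base64 decoding. The handler name dohGet, the helper statusForParamLen, the /dns-query path and the status codes are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// maxParamLen is the longest unpadded base64url string that can still decode
// to a 65535-byte DNS message (87380 characters).
var maxParamLen = base64.RawURLEncoding.EncodedLen(65535)

// dohGet is a hypothetical handler, not the CoreDNS one. The status codes
// returned here are this example's choice.
func dohGet(w http.ResponseWriter, r *http.Request) {
	param := r.URL.Query().Get("dns")
	if len(param) > maxParamLen {
		// Reject before decoding so the decode buffer is never sized by the request.
		http.Error(w, "dns parameter too large", http.StatusRequestEntityTooLarge)
		return
	}
	raw, err := base64.RawURLEncoding.DecodeString(param)
	if err != nil || len(raw) == 0 {
		http.Error(w, "bad dns parameter", http.StatusBadRequest)
		return
	}
	// A real server would unpack raw into a DNS message here.
	w.WriteHeader(http.StatusOK)
}

// statusForParamLen sends a constructed GET whose dns value is n 'A'
// characters through dohGet and returns the HTTP status.
func statusForParamLen(n int) int {
	q := url.Values{"dns": {strings.Repeat("A", n)}}
	req := &http.Request{Method: http.MethodGet,
		URL: &url.URL{Path: "/dns-query", RawQuery: q.Encode()}}
	rec := httptest.NewRecorder()
	dohGet(rec, req)
	return rec.Code
}

func main() {
	for _, n := range []int{8, maxParamLen, maxParamLen + 1} {
		fmt.Println(n, statusForParamLen(n))
	}
}
```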
This PR fixes case-sensitive zone handling in the transfer plugin for AXFR/IXFR, raised in 7898
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Replace github.com/matttproud/golang_protobuf_extensions/pbutil
with google.golang.org/protobuf/encoding/protodelim for reading
varint size-delimited protobuf messages in the metrics scraper.
The new protodelim package is already available via the existing
google.golang.org/protobuf dependency, so this removes pbutil as
a direct dependency entirely.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
* plugin/pkg/proxy: add max_age for per-connection lifetime cap
Introduce a max_age setting on Transport that closes connections based
on creation time, independent of idle-timeout (expire).
Background: PR #7790 changed the connection pool from LIFO to FIFO for
source-port diversity. Under FIFO, every connection is cycled through
the pool and its used timestamp is refreshed continuously. When request
rate is high enough that pool_size / request_rate < expire, no
connection ever becomes idle and expire never fires. This prevents
CoreDNS from opening new connections to upstreams that scale out (e.g.
new Kubernetes pods behind a ClusterIP service with conntrack pinning).
max_age addresses this by enforcing an absolute upper bound on
connection lifetime regardless of activity:
- persistConn gains a created field set at dial time.
- Transport gains maxAge (default 0 = unlimited, preserving existing
behaviour).
- Dial(): rejects cached connections whose creation age exceeds max_age.
- cleanup(): when maxAge > 0, uses a linear scan over both idle-timeout
and max-age predicates; when maxAge == 0, preserves the original
binary-search path on used time (sorted by FIFO insertion order).
- Both hot paths pre-compute the deadline outside any inner loop to
avoid repeated time.Now() calls.
Tests added:
- TestMaxAgeExpireByCreation: connection with old created but fresh used
must be rejected even though idle-timeout would pass.
- TestMaxAgeFIFORotation: three FIFO-rotated connections (old created,
fresh used) must all be rejected, confirming that continuous rotation
cannot prevent max-age expiry.
Signed-off-by: cangming <cangming@cangming.app>
* plugin/forward: add max_age option
Expose Transport.SetMaxAge through the forward plugin so operators can
set an absolute upper bound on connection lifetime via the Corefile.
Usage:
    forward . 1.2.3.4 {
        max_age 30s
    }
Default is 0 (unlimited), which preserves existing behaviour.
A positive value causes connections older than max_age to be closed and
re-dialled on the next request, ensuring CoreDNS reconnects to newly
scaled-out upstream pods even under sustained load where the idle
timeout (expire) would never fire.
If max_age is set, it must not be less than expire; the parser rejects
this combination at startup with a clear error message.
Signed-off-by: cangming <cangming@cangming.app>
---------
Signed-off-by: cangming <cangming@cangming.app>
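The FIFO rotation problem described in the two max_age commits above, as an added simulation that is not the CoreDNS implementation: a simplified pool in which every reuse refreshes the idle timer, so expire alone never retires a connection while max_age does. The conn type and the usable and simulate functions are hypothetical, and the model assumes a pool size of at least one with one request served at a time.

```go
package main

import (
	"fmt"
	"time"
)

const sec = time.Second

// conn is a stand-in for a pooled upstream connection (hypothetical type).
type conn struct{ created, used time.Time }

// usable applies both predicates from the commit message: idle time against
// expire, and age since dial against maxAge (0 means no lifetime cap).
func usable(c conn, now time.Time, expire, maxAge time.Duration) bool {
	if now.Sub(c.used) > expire {
		return false
	}
	return maxAge == 0 || now.Sub(c.created) <= maxAge
}

// simulate prefills a FIFO pool with size connections at t=0, then serves one
// request per interval until total has elapsed. It returns how many
// connections were dialled, including the initial ones.
func simulate(size int, interval, total, expire, maxAge time.Duration) int {
	start := time.Unix(0, 0)
	pool := make([]conn, size)
	for i := range pool {
		pool[i] = conn{created: start, used: start}
	}
	dials := size
	for t := interval; t <= total; t += interval {
		now := start.Add(t)
		c := pool[0] // FIFO: take the connection that has waited longest
		pool = pool[1:]
		if !usable(c, now, expire, maxAge) {
			c = conn{created: now} // drop it and dial a replacement
			dials++
		}
		c.used = now // every reuse refreshes the idle timer
		pool = append(pool, c)
	}
	return dials
}

func main() {
	fmt.Println("expire only:", simulate(3, sec, 120*sec, 10*sec, 0))
	fmt.Println("max_age 30s:", simulate(3, sec, 120*sec, 10*sec, 30*sec))
}
```

With three connections and one request per second, each connection is idle for only 3s between uses, so a 10s expire never fires and the only dials are the initial three.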
* feat(secondary): Send NOTIFY messages after zone transfer
- Modified TransferIn() method to accept a transfer.Transfer parameter
- Added NOTIFY message sending after successful zone transfer in secondary plugin
- Updated Update() method to pass the transfer handler through the zone update cycle
- Added comprehensive tests for the secondary notify functionality
Closes #5669
Signed-off-by: liucongran <liucongran327@gmail.com>
* fix(secondary): Fix TransferIn method call in test
Update test to pass nil parameter to TransferIn method after signature change
Signed-off-by: liucongran <liucongran327@gmail.com>
* refactor(secondary): Clean up imports and add helper methods
- Reorder imports for consistency
- Add hasSOA() and getSOA() helper methods to Zone
- Remove unnecessary blank lines in tests
Signed-off-by: liucongran <liucongran327@gmail.com>
* fix(test): Fix variable declaration in secondary test
Change corefile variable assignment to use short declaration syntax (:=)
to fix compilation error.
Signed-off-by: liucongran <liucongran327@gmail.com>
* refactor(secondary): Use getSOA helper method in shouldTransfer
Replace direct SOA access with getSOA() helper method for consistency.
Signed-off-by: liucongran <liucongran327@gmail.com>
---------
Signed-off-by: liucongran <liucongran327@gmail.com>
Co-authored-by: liucongran <liucongran@cestc.cn>
- Added nolint to plugin/auto/walk.go to avoid a symlink/TOCTOU
warning, as it needs to follow symlinks.
- Replaced a few flagged integer conversions with safe equivalents in
cache hashing, reuseport socket setup, and TLS arg handling
- Preallocated response rule slices in plugin/rewrite/name.go
- Replaced WriteString(fmt.Sprintf/Sprintln(...)) with direct
fmt.Fprint* calls
- Removed stale nolint directives from code and tests that are no
longer needed
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Updated release date for CoreDNS 1.14.2 to match the actual release
date. This causes issues when rendering the coredns.io website.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>