Add optional show_first flag to consolidate directive that logs
the first error immediately and then consolidates subsequent errors.
When show_first is enabled:
- The first matching error is logged immediately with full details
(rcode, domain, type, error message) using the configured log level
- Subsequent matching errors are consolidated during the period
- At period end:
- If only one error occurred, no summary is printed (already logged)
- If multiple errors occurred, summary shows the total count
Syntax:
consolidate DURATION REGEXP [LEVEL] [show_first]
Example with 3 errors:
[WARNING] 2 example.org. A: read udp 10.0.0.1:53->8.8.8.8:53: i/o timeout
[WARNING] 3 errors like '^read udp .* i/o timeout$' occurred in last 30s
Example with 1 error:
[WARNING] 2 example.org. A: read udp 10.0.0.1:53->8.8.8.8:53: i/o timeout
Implementation details:
- Add showFirst bool to pattern struct
- Rename inc() to consolidateError(), return false for showFirst case
- Use function pointer in ServeDNS to unify log calls with proper level
- Simplify logPattern() with single condition (cnt > 1 || !showFirst)
- Refactor parseLogLevel() to parseOptionalParams() with map-based dispatch
- Validate parameter order: log level must come before show_first
- Update README.md with show_first documentation and examples
- Add comprehensive test cases for show_first functionality
Signed-off-by: cangming <cangming@cangming.app>
This PR add a deprecation noticed for geoip plugin's upcoming
behavior change of 0. Please see PR #7732 for details.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
A very large regex for the auto plugin in the Corefile could cause
CoreDNS to OOM. This change adds an artificial limit of 10k characters
for the regex pattern. Fixes OSS-Fuzz finding #466745384.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
The plugin dropped the actual error message from the log, so the log
becomes completely useless.
Before:
```
[ERROR] plugin/kubernetes: error Failed to watch
```
After:
```
[ERROR] plugin/kubernetes: Failed to watch: failed to list *v1.Namespace: Get "https://10.96.0.1:443/api/v1/namespaces?limit=500&resourceVersion=0": tls: failed to parse certificate from server: x509: SAN dNSName is malformed
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add RWMutex to protect concurrent map access in Set, Unset, and ForEach methods.
Change New() to return *U pointer type for proper synchronization.
Signed-off-by: Cangming H <cangmingh@gmail.com>
Fixes a bug in the forward plugin where an immediate connection
failure (e.g., TCP RST) could trigger an infinite busy loop. The
retry logic failed to increment the "fails" counter when a
connection error occurred, causing the loop condition to
remain permanently true. This patch fixes it and adds a
regression test.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
This commit removes superfluous allocations of the Answer, Ns, and Extra
slices when copying a cached a dns.Msg. The allocations are superfluous
because we immediately overwrite the newly copied slices with
filterRRSlice. It also updates filterRRSlice to pre-calculate the size
of the slice being copied into.
Benchmark results:
goos: darwin
goarch: arm64
pkg: github.com/coredns/coredns/plugin/cache
cpu: Apple M4 Pro
│ base.10.txt │ new.10.txt │
│ sec/op │ sec/op vs base │
CacheResponse-14 471.1n ± 0% 462.9n ± 2% -1.74% (p=0.009 n=10)
│ base.10.txt │ new.10.txt │
│ B/op │ B/op vs base │
CacheResponse-14 672.0 ± 0% 656.0 ± 0% -2.38% (p=0.000 n=10)
│ base.10.txt │ new.10.txt │
│ allocs/op │ allocs/op vs base │
CacheResponse-14 13.00 ± 0% 12.00 ± 0% -7.69% (p=0.000 n=10)
Signed-off-by: Charlie Vieth <charlie.vieth@gmail.com>
This commit changes the CNAME rewrite rule to use a pre-compiled regexp
when the match type is RegexMatch instead of compiling it on-the-fly for
each request. This will also allow for invalid regexp patterns to be
identified during setup instead of causing a panic when the rule is
first invoked.
Signed-off-by: Charlie Vieth <charlie.vieth@gmail.com>
