Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-12-19 16:45:11 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
0d8cbb1a6bcb6bc9c1a489865278b8725fa20812
coredns/core/dnsserver/zdirectives.go
Ville Vesilehto 0d8cbb1a6b Merge commit from fork 
Add configurable resource limits to prevent potential DoS vectors
via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers.

New configuration plugins:
- grpc_server: configure max_streams, max_connections
- https: configure max_connections
- https3: configure max_streams

Changes:
- Use netutil.LimitListener for connection limiting
- Use gRPC MaxConcurrentStreams and message size limits
- Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting
- Set secure defaults: 256 max streams, 200 max connections
- Setting any limit to 0 means unbounded/fallback to previous impl

Defaults are applied automatically when plugins are omitted from
config.

Includes tests and integration tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-17 19:08:59 -08:00

72 lines
998 B
Go
Raw Blame History

// generated by directives_generate.go; DO NOT EDIT
package dnsserver
// Directives are registered in the order they should be
// executed.
//
// Ordering is VERY important. Every plugin will
// feel the effects of all other plugin below
// (after) them during a request, but they must not
// care what plugin above them are doing.
var Directives = []string{
"root",
"metadata",
"geoip",
"cancel",
"tls",
"quic",
"grpc_server",
"https",
"https3",
"timeouts",
"multisocket",
"reload",
"nsid",
"bufsize",
"bind",
"debug",
"trace",
"ready",
"health",
"pprof",
"prometheus",
"errors",
"log",
"dnstap",
"local",
"dns64",
"acl",
"any",
"chaos",
"loadbalance",
"tsig",
"cache",
"rewrite",
"header",
"dnssec",
"autopath",
"minimal",
"template",
"transfer",
"hosts",
"route53",
"azure",
"clouddns",
"k8s_external",
"kubernetes",
"file",
"auto",
"secondary",
"etcd",
"loop",
"forward",
"grpc",
"erratic",
"whoami",
"on",
"sign",
"view",
"nomad",
}
Reference in New Issue View Git Blame Copy Permalink