coredns/plugin/chaos
Ville Vesilehto 0d8cbb1a6b Merge commit from fork
Add configurable resource limits to prevent potential DoS vectors
via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers.

New configuration plugins:
- grpc_server: configure max_streams, max_connections
- https: configure max_connections
- https3: configure max_streams

Changes:
- Use netutil.LimitListener for connection limiting
- Use gRPC MaxConcurrentStreams and message size limits
- Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting
- Set secure defaults: 256 max streams, 200 max connections
- Setting any limit to 0 means unbounded/fallback to previous impl

Defaults are applied automatically when plugins are omitted from
config.

Includes tests and integration tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2025-12-17 19:08:59 -08:00

chaos

Name

chaos - allows for responding to TXT queries in the CH class.

Description

This is useful for retrieving version or author information from the server by querying a TXT record for a special domain name in the CH class.

Syntax

chaos [VERSION] [AUTHORS...]
  • VERSION is the version to return. Defaults to CoreDNS-<version>, if not set.
  • AUTHORS is the list of authors to return. This defaults to all GitHub handles in the OWNERS files.

Note that the plugin can only answer if it actually receives queries for the following zones, so make sure the server block covers them: version.bind, version.server, authors.bind, hostname.bind and id.server.

Examples

Specify all the zones in full.

version.bind version.server authors.bind hostname.bind id.server {
    chaos CoreDNS-001 info@coredns.io
}

Or just default to the root zone (.):

.  {
    chaos CoreDNS-001 info@coredns.io
}

And test with dig:

% dig @localhost CH TXT version.bind
...
;; ANSWER SECTION:
version.bind.		0	CH	TXT	"CoreDNS-001"
...
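
The dig exchange above at the wire level, as an added example (not CoreDNS code): it encodes the CH TXT question and reads the TXT string back from a reply, which is what a check of the version string your own server discloses has to do. The function names are this example's own, and the reply bytes in main are constructed, not captured from a server.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const typeTXT, classCH = 16, 3 // RFC 1035: TXT record type, CHAOS class

// BuildChaosQuery encodes a CH TXT question for name, e.g. "version.bind".
func BuildChaosQuery(id uint16, name string) []byte {
	msg := []byte{byte(id >> 8), byte(id), 0, 0, 0, 1, 0, 0, 0, 0, 0, 0} // QDCOUNT=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		msg = append(append(msg, byte(len(label))), label...)
	}
	return append(msg, 0, 0, typeTXT, 0, classCH) // root label, QTYPE, QCLASS
}

// skipName steps over an encoded name (plain labels or a compression pointer).
func skipName(msg []byte, off int) int {
	for off < len(msg) && msg[off] != 0 && msg[off]&0xC0 != 0xC0 {
		off += 1 + int(msg[off])
	}
	if off < len(msg) && msg[off] != 0 {
		return off + 2 // two-byte compression pointer
	}
	return off + 1 // root label, or past the end when the name is truncated
}

// ParseChaosAnswer returns the first TXT string of the first answer (one question assumed).
func ParseChaosAnswer(msg []byte) (string, error) {
	off := skipName(msg, skipName(msg, 12)+4) // question name, QTYPE+QCLASS, owner name
	if off+11 > len(msg) || msg[6]|msg[7] == 0 {
		return "", errors.New("truncated message or no answer records")
	}
	typ, class := binary.BigEndian.Uint16(msg[off:]), binary.BigEndian.Uint16(msg[off+2:])
	rdlen, n := int(binary.BigEndian.Uint16(msg[off+8:])), int(msg[off+10])
	if typ != typeTXT || class != classCH || n+1 > rdlen || off+10+rdlen > len(msg) {
		return "", errors.New("first answer is not a well-formed CH TXT record")
	}
	return string(msg[off+11 : off+11+n]), nil
}

func main() {
	resp := append(BuildChaosQuery(1, "version.bind"), 0xC0, 12, 0, typeTXT, 0, classCH, 0, 0, 0, 0, 0, 12, 11)
	resp[2], resp[7] = 0x84, 1 // constructed reply: QR+AA set, ANCOUNT=1, one answer
	fmt.Println(ParseChaosAnswer(append(resp, "CoreDNS-001"...)))
}
```

An answer in any class other than CH, or a message with no answer section, is rejected with an error instead of being read as a version string.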