mirror of
https://github.com/coredns/coredns.git
synced 2025-12-20 00:55:11 -05:00
0d8cbb1a6b
Add configurable resource limits to prevent potential DoS vectors via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers. New configuration plugins: - grpc_server: configure max_streams, max_connections - https: configure max_connections - https3: configure max_streams Changes: - Use netutil.LimitListener for connection limiting - Use gRPC MaxConcurrentStreams and message size limits - Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting - Set secure defaults: 256 max streams, 200 max connections - Setting any limit to 0 means unbounded/fallback to previous impl Defaults are applied automatically when plugins are omitted from config. Includes tests and integration tests. Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
https
Name
https - configures DNS-over-HTTPS (DoH) server options.
Description
The https plugin allows you to configure parameters for the DNS-over-HTTPS (DoH) server to fine-tune the security posture and performance of the server.
This plugin can only be used once per HTTPS listener block.
Syntax
https {
max_connections POSITIVE_INTEGER
}
max_connectionslimits the number of concurrent TCP connections to the HTTPS server. The default value is 200 if not specified. Set to 0 for unbounded.
Examples
Set custom limits for maximum connections:
https://.:443 {
tls cert.pem key.pem
https {
max_connections 100
}
whoami
}
Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:
https://.:443 {
tls cert.pem key.pem
https {
max_connections 0
}
whoami
}