mirror of
https://github.com/coredns/coredns.git
synced 2025-12-21 01:25:11 -05:00
Add configurable resource limits to prevent potential DoS vectors via connection/stream exhaustion on gRPC, HTTPS, and HTTPS/3 servers.

New configuration plugins:
- grpc_server: configure max_streams, max_connections
- https: configure max_connections
- https3: configure max_streams

Changes:
- Use netutil.LimitListener for connection limiting
- Use gRPC MaxConcurrentStreams and message size limits
- Add QUIC MaxIncomingStreams for HTTPS/3 stream limiting
- Set secure defaults: 256 max streams, 200 max connections
- Setting any limit to 0 means unbounded/fallback to previous impl

Defaults are applied automatically when plugins are omitted from config. Includes tests and integration tests.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
48 lines
884 B
Markdown
# https

## Name

*https* - configures DNS-over-HTTPS (DoH) server options.

## Description

The *https* plugin allows you to configure parameters for the DNS-over-HTTPS (DoH) server to fine-tune the security posture and performance of the server.

This plugin can only be used once per HTTPS listener block.

## Syntax

```txt
https {
    max_connections POSITIVE_INTEGER
}
```

* `max_connections` limits the number of concurrent TCP connections to the HTTPS server. The default value is 200 if not specified. Set to 0 for unbounded.
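
As an added illustration of what `max_connections` does at the listener level (example code, not CoreDNS's own; CoreDNS wraps its listener in `netutil.LimitListener` from golang.org/x/net, which has the same semantics), here is a standard-library-only limiter: once `max` accepted connections are open, further `Accept` calls wait until one of them is closed, and a limit of 0 hands back the raw listener unwrapped. The names `limitConnections`, `limitListener` and `limitConn` are this example's own.

```go
package main

import (
	"fmt"
	"net"
	"sync"
)

// limitListener mirrors max_connections: with max slots taken, Accept blocks
// until an accepted connection is closed.
type limitListener struct {
	net.Listener
	sem chan struct{}
}

// limitConnections wraps l; max <= 0 means unbounded, so l is returned as-is.
func limitConnections(l net.Listener, max int) net.Listener {
	if max <= 0 {
		return l
	}
	return &limitListener{Listener: l, sem: make(chan struct{}, max)}
}

func (l *limitListener) Accept() (net.Conn, error) {
	l.sem <- struct{}{} // take a slot; blocks while all slots are in use
	c, err := l.Listener.Accept()
	if err != nil {
		<-l.sem // accept failed, give the slot back
		return nil, err
	}
	return &limitConn{Conn: c, sem: l.sem}, nil
}

type limitConn struct {
	net.Conn
	sem  chan struct{}
	once sync.Once // free the slot exactly once, however often Close is called
}

func (c *limitConn) Close() error {
	err := c.Conn.Close()
	c.once.Do(func() { <-c.sem })
	return err
}

func main() { // 200 is the README's default limit
	base, _ := net.Listen("tcp", "127.0.0.1:0")
	ln := limitConnections(base, 200)
	fmt.Println("connection-limited listener on", ln.Addr())
}
```

Connections beyond the limit are not refused: they complete the TCP handshake and sit in the kernel's accept backlog until a slot frees, so the cap bounds the server's per-connection state rather than turning clients away.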

## Examples

Set custom limits for maximum connections:

```
https://.:443 {
    tls cert.pem key.pem
    https {
        max_connections 100
    }
    whoami
}
```

Set values to 0 for unbounded, matching CoreDNS behaviour before v1.14.0:

```
https://.:443 {
    tls cert.pem key.pem
    https {
        max_connections 0
    }
    whoami
}
```