Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-31 02:03:20 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
72f5a92d302637f40cf7f87ee9e8edf8f9943cf7
coredns/core/dnsserver/server-tls.go
Miek Gieben bfaf9e0aec core: add more transports (#574) 
* core: add listening for other protocols

Allow CoreDNS to listen for TLS request coming over port 853. This can
be enabled with `tls://` in the config file.

Implement listening for grps:// as well.

a Corefile like:

~~~
. tls://.:1853 {
    whoami
    tls
}
~~~

Means we listen on 1853 for tls requests, the `tls` config item allows
configuration for TLS parameters. We *might* be tempted to use Caddy's
Let's Encrypt implementation here.

* Refactor coredns/grpc into CoreDNS

This makes gRPC a first class citizen in CoreDNS. Add defines as being
just another server.

* some cleanups

* unexport the servers

* Move protobuf dir

* Hook up TLS properly

* Fix test

* listen for TLS as well. README updates

* disable test, fix package

* fix test

* Fix tests

* Fix remaining test

* Some tests

* Make the test work

* Add grpc test from #580

* fix crash

* Fix tests

* Close conn

* README cleanups

* README

* link RFC
2017-03-13 20:24:37 +00:00

86 lines
2.0 KiB
Go
Raw Blame History

package dnsserver
import (
"context"
"crypto/tls"
"fmt"
"net"
"github.com/miekg/dns"
)
// serverTLS represents an instance of a TLS-over-DNS-server.
type serverTLS struct {
*Server
}
// NewTLSServer returns a new CoreDNS TLS server and compiles all middleware in to it.
func NewServerTLS(addr string, group []*Config) (*serverTLS, error) {
s, err := NewServer(addr, group)
if err != nil {
return nil, err
}
return &serverTLS{Server: s}, nil
}
// Serve implements caddy.TCPServer interface.
func (s *serverTLS) Serve(l net.Listener) error {
s.m.Lock()
// Only fill out the TCP server for this one.
s.server[tcp] = &dns.Server{Listener: l, Net: "tcp-tls", Handler: dns.HandlerFunc(func(w dns.ResponseWriter, r *dns.Msg) {
ctx := context.Background()
s.ServeDNS(ctx, w, r)
})}
s.m.Unlock()
return s.server[tcp].ActivateAndServe()
}
// ServePacket implements caddy.UDPServer interface.
func (s *serverTLS) ServePacket(p net.PacketConn) error { return nil }
// Listen implements caddy.TCPServer interface.
func (s *serverTLS) Listen() (net.Listener, error) {
// The *tls* middleware must make sure that multiple conflicting
// TLS configuration return an error: it can only be specified once.
tlsConfig := new(tls.Config)
for _, conf := range s.zones {
// Should we error if some configs *don't* have TLS?
tlsConfig = conf.TLSConfig
}
var (
l net.Listener
err error
)
if tlsConfig == nil {
l, err = net.Listen("tcp", s.Addr[len(TransportTLS+"://"):])
} else {
l, err = tls.Listen("tcp", s.Addr[len(TransportTLS+"://"):], tlsConfig)
}
if err != nil {
return nil, err
}
return l, nil
}
// ListenPacket implements caddy.UDPServer interface.
func (s *serverTLS) ListenPacket() (net.PacketConn, error) { return nil, nil }
// OnStartupComplete lists the sites served by this server
// and any relevant information, assuming Quiet is false.
func (s *serverTLS) OnStartupComplete() {
if Quiet {
return
}
for zone, config := range s.zones {
fmt.Println(TransportTLS + "://" + zone + ":" + config.Port)
}
}
Reference in New Issue View Git Blame Copy Permalink