feat(forward): add doh support (#8004)

* chore(pkg/proxy): prepare for DoH implementation Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore(pkg/proxy): prepare for DoH implementation Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * feat(proxy): implement basic DoH resolution Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * feat(forward): implement DoH forwarding Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * feat(proxy): add basic DoH health checker Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore: align http transport with Go's DefaultTransport and resolve some of the TODOs Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * docs(forward): add basic documentation for DoH Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore: add basic tests to cover DoH Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore(health): unify default timeout to 1s Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * feat(forward): make doh method configurable Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore: remove maxIdleConnsPerHost setting & update docs Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> * chore(forward): reject https upstreams with path Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch> --------- Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
2026-06-15 13:40:11 -04:00 · 2026-06-15 02:54:05 +02:00
parent 3764620726
commit f2f5b5a1cc
12 changed files with 363 additions and 36 deletions
--- a/plugin/pkg/proxy/health_test.go
+++ b/plugin/pkg/proxy/health_test.go
@@ -1,11 +1,14 @@
 package proxy

 import (
+	"net/http"
+	"net/http/httptest"
 	"sync/atomic"
 	"testing"
 	"time"

 	"github.com/coredns/coredns/plugin/pkg/dnstest"
+	"github.com/coredns/coredns/plugin/pkg/doh"
 	"github.com/coredns/coredns/plugin/pkg/transport"

 	"github.com/miekg/dns"
@@ -72,6 +75,52 @@ func TestHealthTCP(t *testing.T) {
 	}
 }

+func TestHealthHTTPS(t *testing.T) {
+	i := uint32(0)
+	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		msg, err := doh.RequestToMsg(r)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+
+		if msg.Question[0].Name == "." && msg.RecursionDesired == true {
+			atomic.AddUint32(&i, 1)
+		}
+
+		ret := new(dns.Msg)
+		ret.SetReply(msg)
+
+		buf, err := ret.Pack()
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		w.Header().Set("Content-Type", doh.MimeType)
+		w.Write(buf)
+	}))
+	defer s.Close()
+
+	hc := NewHealthChecker("TestHealthHTTPS", transport.HTTPS, true, ".")
+	hc.SetTLSConfig(s.Client().Transport.(*http.Transport).TLSClientConfig)
+	hc.SetReadTimeout(10 * time.Millisecond)
+	hc.SetWriteTimeout(10 * time.Millisecond)
+
+	p := NewProxy("TestHealthHTTPS", s.URL, transport.HTTPS)
+	p.readTimeout = 10 * time.Millisecond
+	err := hc.Check(p)
+	if err != nil {
+		t.Fatalf("check failed: %v", err)
+	}
+
+	time.Sleep(20 * time.Millisecond)
+	i1 := atomic.LoadUint32(&i)
+	if i1 != 1 {
+		t.Errorf("Expected number of health checks with RecursionDesired==true to be %d, got %d", 1, i1)
+	}
+}
+
 func TestHealthNoRecursion(t *testing.T) {
 	i := uint32(0)
 	s := dnstest.NewServer(func(w dns.ResponseWriter, r *dns.Msg) {