Commit Graph

4858 Commits

Author SHA1 Message Date
Yong Tang
84849690a4 Test: Fix flaky health test (#8239) 2026-07-08 06:00:40 +03:00
houyuwushang
6662dd58ea plugin/pkg/response: classify nxdomain without soa as denial (#8199)
Signed-off-by: houyuwushang <liuluoqianqiu@outlook.com>
2026-07-05 22:48:51 -07:00
Saleh
31559f43e8 plugin/file: return SOA in authority for negative CNAME target answers (#8226) 2026-07-05 00:39:15 -07:00
Aaron Mark
ea19f815a6 plugin/forward: make per-upstream read timeout configurable (#8205) 2026-07-04 17:07:04 -07:00
houyuwushang
97e3a71afb plugin/secondary: parse catalog zones after transfer (#8209) 2026-07-04 17:06:05 -07:00
Omkhar Arasaratnam
9226f8a3aa plugin/pkg/dnsutil: guard Join against an empty label slice (#8225) 2026-07-04 17:02:53 -07:00
Saleh
7abc21bc49 plugin/file: run additional processing for wildcard answers (#8222)
* plugin/file: run additional processing for wildcard answers

The wildcard branch of Zone.Lookup returned a nil additional section, so a
wildcard-synthesized MX/SRV/SVCB/HTTPS answer with an in-bailiwick target
did not include the target's A/AAAA glue. The non-wildcard path already
does this, so call additionalProcessing in the wildcard branch as well.

Fixes #6629

Signed-off-by: Salih Muhammed <root@lr0.org>

* plugin/file: move wildcard additional test into wildcard_test.go

Requested in review: keep the wildcard tests in one file.

Signed-off-by: Salih Muhammed <root@lr0.org>

---------

Signed-off-by: Salih Muhammed <root@lr0.org>
2026-07-04 16:07:01 -07:00
Ville Vesilehto
bc4343b083 fix(tls): use Go TLS defaults (#8227)
Remove fixed TLS 1.2 cipher suite list and maximum TLS version so
crypto/tls can use its maintained defaults. Keep TLS 1.2 as the
minimum supported version.

Document the shared TLS default behavior for plugins that expose TLS
configuration and add coverage to ensure CoreDNS leaves Go-managed
TLS fields unset.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2026-07-04 16:03:02 -07:00
houyuwushang
679f764ae1 plugin/secondary: stop update loop on reload shutdown (#8198) 2026-07-02 06:46:03 -07:00
Antoine
3a4b87bdb4 fix(8201): restore old behavior forward plugin continue on empty conf file (#8203) 2026-07-01 23:11:37 -07:00
Jaime Hablutzel
8d94712f99 fix(forward): make dnstap FORWARDER_* describe the socket from CoreDNS to upstream (#8184)
Signed-off-by: Jaime Hablutzel <hablutzel1@gmail.com>
2026-07-01 21:04:04 -07:00
Baltasar Blanco
6e7093cafb plugin/cache: add regression test for AD bit not partitioning the cache (#8214)
The cache key is hashed on qname, qtype, DO and CD, but deliberately not on the AD bit, so a single entry serves both AD- and non-AD-requesting clients. The AD bit returned must therefore be derived per request from the cached answer's authentication status, not frozen from the query that populated the entry.

This pins both orderings (noad-then-ad and ad-then-noad) so the historical asymmetry reported in #6642 cannot regress.

Signed-off-by: baltasarblanco <baltablanco9008@gmail.com>
2026-07-01 15:46:49 -07:00
dependabot[bot]
6b9936a99f build(deps): bump github.com/DataDog/dd-trace-go/v2 from 2.8.2 to 2.9.0 (#8218)
Bumps [github.com/DataDog/dd-trace-go/v2](https://github.com/DataDog/dd-trace-go) from 2.8.2 to 2.9.0.
- [Release notes](https://github.com/DataDog/dd-trace-go/releases)
- [Commits](https://github.com/DataDog/dd-trace-go/compare/v2.8.2...v2.9.0)

---
updated-dependencies:
- dependency-name: github.com/DataDog/dd-trace-go/v2
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-01 15:45:53 -07:00
dependabot[bot]
85d5ec7974 build(deps): bump actions/setup-go from 6.4.0 to 6.5.0 (#8219) 2026-07-01 18:16:45 +03:00
dependabot[bot]
9ac3acb006 build(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1 (#8220) 2026-07-01 18:16:27 +03:00
Immanuel Tikhonov
33266a45c7 fix(rewrite): restore the original question on empty replies (#8212)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-06-30 07:05:12 -04:00
houyuwushang
4faf983fb6 plugin/auto: warn on duplicate zone file origins (#8191)
Signed-off-by: houyuwushang <liuluoqianqiu@outlook.com>
2026-06-29 00:59:23 -07:00
Immanuel Tikhonov
70f7922ec5 test: use dynamic ports in reload tests (#8206)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-06-29 00:58:46 -07:00
houyuwushang
02f28345d1 plugin/transfer: configure notify source address (#8192)
Signed-off-by: houyuwushang <liuluoqianqiu@outlook.com>
2026-06-28 21:15:16 -07:00
Immanuel Tikhonov
45a20ddcf1 fix: accept scoped IPv6 addresses in transfer targets (#8204)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-06-27 22:26:12 -07:00
Immanuel Tikhonov
69e7a4be73 fix(trace): correct Zipkin v2 endpoint docs (#8202) 2026-06-27 03:21:26 -07:00
Immanuel Tikhonov
1539f9b7d6 fix(log): synthesize deferred error responses (#8200)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-06-26 01:58:20 -07:00
Jaime Hablutzel
1936a2bb40 fix(dnstap): store IPv4-mapped IPv6 addresses as 4 octets with SocketFamily INET (#8186)
Signed-off-by: Jaime Hablutzel <hablutzel1@gmail.com>
2026-06-25 15:49:32 -07:00
dependabot[bot]
d0e0d92fa4 build(deps): bump github.com/prometheus/common from 0.68.1 to 0.69.0 (#8195)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.68.1 to 0.69.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/common/compare/v0.68.1...v0.69.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-version: 0.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-24 22:08:52 -07:00
dependabot[bot]
6511a8cd53 build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#8194)
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](df4cb1c069...9c091bb21b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-24 22:08:39 -07:00
Amirhossein Ebrahimzade
6805f6f8a0 plugin/hosts: add wildcard support (#8185)
* plugin/hosts: add wildcard support for owner names

Signed-off-by: youknowforsearch <amirhebrahimzader@gmail.com>

* plugin/hosts: document wildcard owner name support

Signed-off-by: youknowforsearch <amirhebrahimzader@gmail.com>

* plugin/hosts: remove unused lookupStaticHost

Signed-off-by: Amirhossein Ebrahimzade <amirhossein.e@smartech.ir>

---------

Signed-off-by: youknowforsearch <amirhebrahimzader@gmail.com>
Signed-off-by: Amirhossein Ebrahimzade <amirhossein.e@smartech.ir>
Co-authored-by: Amirhossein Ebrahimzade <amirhossein.e@smartech.ir>
2026-06-24 22:08:08 -07:00
Immanuel Tikhonov
e45ad5f87a fix(local): handle names under .localhost. (#8151) 2026-06-24 02:31:31 -07:00
houyuwushang
faeb8ba699 plugin/hosts: fall through unsupported query types (#8193) 2026-06-24 02:28:20 -07:00
Yong Tang
fc447d0658 plugin/rewrite: Fix nil-pointer panic in EDNS0 response reversion with no OPT record (#8190)
* plugin/rewrite: Fix nil-pointer panic in EDNS0 response reversion with no OPT record

This PR fix a nil-pointer panic in EDNS0 response reversion when downstream responses do not contain an OPT record,

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

* Fix

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

---------

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2026-06-23 16:02:35 -07:00
dependabot[bot]
67346401a2 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#8182)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.32.22 to 1.32.25.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.22...config/v1.32.25)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 10:38:12 +03:00
dependabot[bot]
cc88c96e0e build(deps): bump github.com/aws/aws-sdk-go-v2/credentials (#8178)
Bumps [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) from 1.19.21 to 1.19.24.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/credentials/v1.19.21...credentials/v1.19.24)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-version: 1.19.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-17 18:26:16 -07:00
dependabot[bot]
7dd46578ee build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds (#8179)
Bumps [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://github.com/aws/aws-sdk-go-v2) from 1.18.27 to 1.18.29.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.27...config/v1.18.29)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/ec2/imds
  dependency-version: 1.18.29
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-17 18:05:36 -07:00
dependabot[bot]
88e96252c8 build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#8175)
Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.42.1 to 1.42.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.42.1...service/amp/v1.42.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-version: 1.42.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-17 18:05:24 -07:00
dependabot[bot]
a90c59a79e build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 (#8172)
Bumps [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2) from 1.63.1 to 1.63.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.63.1...service/s3/v1.63.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/route53
  dependency-version: 1.63.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-17 16:40:55 -07:00
dependabot[bot]
9b531e1fa5 build(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0 (#8181) 2026-06-17 19:01:22 +03:00
dependabot[bot]
d8ca1016fa build(deps): bump github.com/quic-go/quic-go from 0.59.1 to 0.60.0 (#8174) 2026-06-17 19:00:44 +03:00
dependabot[bot]
b13d708d55 build(deps): bump golang.org/x/net from 0.55.0 to 0.56.0 (#8180) 2026-06-17 18:59:44 +03:00
dependabot[bot]
515085d55e build(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#8173) 2026-06-17 18:48:42 +03:00
Thomas Gosteli
f2f5b5a1cc feat(forward): add doh support (#8004)
* chore(pkg/proxy): prepare for DoH implementation

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(pkg/proxy): prepare for DoH implementation

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(proxy): implement basic DoH resolution

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(forward): implement DoH forwarding

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(proxy): add basic DoH health checker

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: align http transport with Go's DefaultTransport

and resolve some of the TODOs

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* docs(forward): add basic documentation for DoH

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: add basic tests to cover DoH

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(health): unify default timeout to 1s

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(forward): make doh method configurable

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: remove maxIdleConnsPerHost setting & update docs

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(forward): reject https upstreams with path

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

---------

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
2026-06-14 17:54:05 -07:00
Ville Vesilehto
3764620726 chore: bump Go version to 1.26.4 (#8171)
Includes bug and security fixes.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
2026-06-14 17:53:22 -07:00
dependabot[bot]
d35a94f05a build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 (#8165)
Bumps [github.com/aws/aws-sdk-go-v2/service/route53](https://github.com/aws/aws-sdk-go-v2) from 1.62.7 to 1.63.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.62.7...service/s3/v1.63.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/route53
  dependency-version: 1.63.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 23:13:46 -07:00
Jonathan Tooker
0ff56da7e4 core/dnsserver: propagate HTTPRequestValidateFunc to all configs in a server block (#8169)
Signed-off-by: Jonathan Tooker <jonathan.tooker@netprotect.com>
2026-06-10 21:07:43 -07:00
dependabot[bot]
34db0ea286 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#8166)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.32.18 to 1.32.22.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.18...config/v1.32.22)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 21:06:39 -07:00
dependabot[bot]
7e03b6b504 build(deps): bump github.com/prometheus/common from 0.67.5 to 0.68.1 (#8163)
Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.67.5 to 0.68.1.
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/common/compare/v0.67.5...v0.68.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-version: 0.68.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 17:46:31 -07:00
dependabot[bot]
8ba320a022 build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#8164)
Bumps [github.com/aws/aws-sdk-go-v2/service/secretsmanager](https://github.com/aws/aws-sdk-go-v2) from 1.41.7 to 1.42.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...service/s3/v1.42.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/secretsmanager
  dependency-version: 1.42.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 17:46:14 -07:00
dependabot[bot]
2a274c6564 build(deps): bump golang.org/x/sys from 0.45.0 to 0.46.0 (#8167)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/sys/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 17:45:58 -07:00
dependabot[bot]
6e83532c59 build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.41.7 to 1.41.11 (#8168)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.41.7 to 1.41.11.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.41.7...v1.41.11)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 17:45:46 -07:00
dependabot[bot]
fee8173cbf build(deps): bump the go-etcd-io group with 2 updates (#8157)
Bumps the go-etcd-io group with 2 updates: [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) and [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd).


Updates `go.etcd.io/etcd/api/v3` from 3.6.11 to 3.6.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.11...v3.6.12)

Updates `go.etcd.io/etcd/client/v3` from 3.6.11 to 3.6.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.11...v3.6.12)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-version: 3.6.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-etcd-io
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-version: 3.6.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-etcd-io
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-10 17:45:28 -07:00
dependabot[bot]
0a33a3d6a1 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#8160) 2026-06-10 17:26:59 +03:00
dependabot[bot]
9221482e2d build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 (#8159) 2026-06-10 17:26:16 +03:00