Commit Graph

4802 Commits

Author SHA1 Message Date
Isolus
b49fe2d469 plugin/dnssec: sign each RRset with the zone that owns its name, not the query zone (#8138)
Signed-off-by: Björn Kinscher <code@bjoern-kinscher.de>
Co-authored-by: Björn Kinscher <code@bjoern-kinscher.de>
2026-06-05 18:36:28 -07:00
Cedric Wang
3718f0cc81 dnsserver: use http.LocalAddrContextKey for DoH local address (#8149)
The DoH server resolved the per-connection local address in a custom
http.Server.ConnContext callback. ConnContext runs synchronously in the
http.Server accept loop, so calling c.LocalAddr() there is a problem when
the listener is proxyproto-wrapped: LocalAddr() triggers the PROXY-header
read, which blocks the accept loop until the header arrives and
head-of-line-blocks acceptance of every other connection.

net/http and http2 already populate http.LocalAddrContextKey from the
connection in the per-connection serving goroutine (net/http server.go,
http2 server_common.go / h2_bundle.go), resolved through the same
tls.Conn -> proxyproto.Conn chain. For a proxyproto connection that value
is the PROXY header's destination address -- byte-identical to what the
custom callback produced -- and it is set off the accept loop on both the
HTTP/1.1 and HTTP/2 paths.

Drop the custom ConnContext callback and the connKey type, and read
http.LocalAddrContextKey in localAddr() instead. The client address is
unaffected: it arrives via r.RemoteAddr, which the framework populates
natively.

Signed-off-by: zongqi-wang <wangzongqi@msn.com>
2026-06-05 18:31:53 -07:00
dependabot[bot]
408fdf0812 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#8141)
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.32.17 to 1.32.18.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.32.17...config/v1.32.18)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 09:58:17 +03:00
dependabot[bot]
58921a2b48 build(deps): bump golang.org/x/net from 0.54.0 to 0.55.0 (#8140)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.54.0 to 0.55.0.
- [Commits](https://github.com/golang/net/compare/v0.54.0...v0.55.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.55.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 09:53:08 +03:00
dependabot[bot]
7abb3bbc1e build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#8142) 2026-06-04 06:33:31 +03:00
dependabot[bot]
6ae26569a2 build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 (#8147) 2026-06-04 06:31:53 +03:00
dependabot[bot]
d4852224d0 build(deps): bump docker/login-action from 4.1.0 to 4.2.0 (#8146) 2026-06-04 06:30:48 +03:00
dependabot[bot]
1369324776 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#8145) 2026-06-04 06:26:25 +03:00
徐晓伟
c02e6dc843 build: add loong64 arch support (#8137)
* build: add loong64 arch support to Makefile.docker and Makefile.release

Signed-off-by: 徐晓伟 <xuxiaowei@xuxiaowei.com.cn>

* build: add loong64 docker build config using loong64 community images

Signed-off-by: 徐晓伟 <xuxiaowei@xuxiaowei.com.cn>

---------

Signed-off-by: 徐晓伟 <xuxiaowei@xuxiaowei.com.cn>
2026-06-02 19:11:40 -07:00
Yong Tang
84af2a7a3f core: bound HTTP/3 request header size for DoH3 (#8135)
This PR sets a conservative MaxHeaderBytes value on the DoH3 HTTP/3 server.
This reduces memory exposure from large request headers before requests
reach the DoH handler.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2026-06-01 00:58:39 -07:00
Immanuel Tikhonov
4c07a287da fix: reject invalid any and local config (#8133)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-05-31 15:41:27 -07:00
Dmytro Alieksieiev
ce0e5a6f39 plugin/forward: add hostname resolution support for TO endpoints (#5646) (#7923)
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
2026-05-30 19:36:01 -07:00
Immanuel Tikhonov
33c71b1554 fix(kubernetes): remove debug fmt.Println from multicluster zone validation (#8131)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-05-28 22:11:35 -07:00
Nicholas Amorim
6b93363b94 feat(core): expose TLS ConnectionState (SNI) for DoQ (#8129)
DoQWriter previously stored only the QUIC stream, so plugins reading
TLS state via dns.ConnectionStater (e.g. for SNI-based routing or
auditing) could not see anything for DoQ connections, even
though the underlying QUIC connection carries a full tls.ConnectionState.

This change adds a *quic.Conn reference to DoQWriter and wires it in serveQUICStream.

It implements dns.ConnectionStater on *DoQWriter, returning the TLS
state from the underlying QUIC connection (mirrors the DoT behavior
that miekg/dns already provides for *tls.Conn)

Forwards ConnectionState through request.ScrubWriter, which wraps
every response writer before the plugin chain runs; the embedded
dns.ResponseWriter interface does not promote ConnectionState (it
belongs to a separate interface), so without this plugins would
still see nil for both DoQ and DoT

Signed-off-by: Nicholas Amorim <nicholas@santos.ee>
2026-05-28 15:45:48 -07:00
Immanuel Tikhonov
0bcb17df06 fix: use descriptive error for unknown block options in health and log plugins (#8128) 2026-05-27 16:29:24 -07:00
dependabot[bot]
afdf121a5a build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#8123) 2026-05-27 16:28:17 -07:00
dependabot[bot]
516daf5b74 build(deps): bump github.com/DataDog/dd-trace-go/v2 from 2.8.1 to 2.8.2 (#8124) 2026-05-27 16:28:01 -07:00
dependabot[bot]
4158c87ebf build(deps): bump github.com/oschwald/geoip2-golang/v2 (#8125) 2026-05-27 16:27:52 -07:00
dependabot[bot]
fea4f2c708 build(deps): bump actions/stale from 10.2.0 to 10.3.0 (#8127)
Bumps [actions/stale](https://github.com/actions/stale) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](b5d41d4e1d...eb5cf3af3a)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-27 20:49:07 +03:00
dependabot[bot]
63491966e4 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#8126)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](68bde559de...9e0d7b8d25)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-27 20:48:08 +03:00
Jöran Malek
eb49f402cc plugin/forward: Forward NODATA responses to Next handler (#8065) 2026-05-26 17:15:46 -07:00
Immanuel Tikhonov
17142359e0 fix: reject unknown chaos block options (#8121) 2026-05-24 05:58:11 -07:00
Ville Vesilehto
d9c6b9b8b4 fix: reject unknown trace and dnstap block options (#8120) 2026-05-21 16:06:25 -07:00
Immanuel Tikhonov
1fbc686758 fix: reject unknown ready plugin properties (#8119)
Signed-off-by: immanuwell <pchpr.00@list.ru>
2026-05-21 22:29:59 +03:00
JUN YANG
3e762bc603 Remove redundant code (#8072)
Signed-off-by: Yang Jun <yang.jun22@zte.com.cn>
Signed-off-by: 杨军10092085 <yang.jun22@zte.com.cn>
2026-05-21 22:11:29 +03:00
weiguozhang
65d15af3a9 pkg/tls: remove duplicate cipher suites (#8118)
Signed-off-by: Weiguo Zhang <weiguozhang1990@163.com>
2026-05-20 23:54:11 -07:00
dependabot[bot]
fb74594423 build(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#8116) 2026-05-20 18:08:49 -07:00
dependabot[bot]
fa470b5d67 build(deps): bump google.golang.org/api from 0.278.0 to 0.279.0 (#8115)
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.278.0 to 0.279.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.278.0...v0.279.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.279.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 17:04:31 -07:00
dependabot[bot]
6d284f0101 build(deps): bump golang.org/x/net from 0.53.0 to 0.54.0 (#8114)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.53.0 to 0.54.0.
- [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 17:04:17 -07:00
dependabot[bot]
571bde041d build(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#8113)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.51.0.
- [Commits](https://github.com/golang/crypto/compare/v0.50.0...v0.51.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 17:04:02 -07:00
dependabot[bot]
e323f5e1c8 build(deps): bump github.com/quic-go/quic-go from 0.59.0 to 0.59.1 (#8112)
Bumps [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) from 0.59.0 to 0.59.1.
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.59.0...v0.59.1)

---
updated-dependencies:
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.59.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 22:46:22 +03:00
dependabot[bot]
4a7b286b6e build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 (#8111)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.9.0 to 5.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](2031cfc080...a1d282b36b)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 22:45:13 +03:00
dependabot[bot]
63736a4b08 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#8117)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e46ed2cbd0...68bde559de)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 22:44:40 +03:00
James R T
84faec64c3 fix(azure): apply access mode to every zone in the same block (#8110) 2026-05-20 08:06:37 -07:00
Ville Vesilehto
f8dffa7fc2 feat(secondary): add fallthrough support (#8041) 2026-05-20 00:13:03 -07:00
Umut Polat
b1a7fc8db1 fix(cache): prefer positive cache over SERVFAIL in ncache (#8003)
When serve_stale is enabled, a cached SERVFAIL in ncache shadows a valid
positive entry in pcache because ncache is always checked first. SERVFAIL
is transient and should not mask a known-good answer.

When the ncache hit is a SERVFAIL, check pcache for a valid entry before
returning the SERVFAIL. NXDOMAIN and NODATA are unaffected and still
follow the existing ncache-first lookup per RFC 2308.

Fixes #7956

Signed-off-by: umut-polat <52835619+umut-polat@users.noreply.github.com>
2026-05-19 20:28:35 -07:00
Endre Szabo
35391dd8a9 plugin/file: trigger reload of zones based on mtime (#8085)
* Added fs.FileInfo.ModTime() based reload feature

Signed-off-by: Endre Szabo <git@end.re>

* Updated the plugin documentation.

Signed-off-by: Endre Szabo <git@end.re>

---------

Signed-off-by: Endre Szabo <git@end.re>
2026-05-19 19:43:46 -07:00
Endre Szabo
ee7ff82cf5 plugin/dnstap: feature: added incoming connection support (#8086)
* plugin/dnstap: added incoming connection support feature to dnstap plugin

Signed-off-by: Endre Szabo <git@end.re>

* fixed problems pointed out by ci linter

Signed-off-by: Endre Szabo <git@end.re>

---------

Signed-off-by: Endre Szabo <git@end.re>
2026-05-19 19:23:53 -07:00
Charlie Tonneslan
f4f767fb4e plugin/file: canonicalize escape form in owner names (#8109)
The miekg/dns zone parser preserves whichever text form the input
used for an escaped byte. RFC 1035 §5.1 lets the same byte appear
as \DDD (decimal) or \c (literal character), so a zone file
written with has\046dot.campus.edu. is stored under that literal
string. Incoming queries, by contrast, arrive on the wire and are
unpacked by miekg/dns into the canonical form has\.dot.campus.edu.
The two strings don't compare equal in the tree, so the record is
silently unreachable.

Pack-then-unpack the owner name on Insert so the stored key uses
the same canonical form as anything that comes off the wire. Only
runs when the name contains a backslash, so the common case is a
no-op string compare.

Fixes #8012

Signed-off-by: Charlie Tonneslan <cst0520@gmail.com>
2026-05-19 18:08:16 -07:00
dependabot[bot]
6f4be7103a build(deps): bump github.com/aws/aws-sdk-go-v2/service/secretsmanager (#8100) 2026-05-13 22:59:03 -07:00
dependabot[bot]
ca8c14acbd build(deps): bump the go-etcd-io group across 1 directory with 2 updates (#8096) 2026-05-13 21:59:59 -07:00
dependabot[bot]
e20b2233e7 build(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 (#8097) 2026-05-13 21:59:47 -07:00
dependabot[bot]
c89ddc0376 build(deps): bump github.com/aws/aws-sdk-go-v2/service/route53 (#8098) 2026-05-13 21:59:21 -07:00
dependabot[bot]
950dbc1037 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#8104) 2026-05-13 21:13:16 -07:00
dependabot[bot]
fe6a76e7a7 build(deps): bump sigs.k8s.io/mcs-api from 0.4.1 to 0.5.0 (#8106) 2026-05-13 21:12:57 -07:00
dependabot[bot]
e88dba77d4 build(deps): bump github.com/DataDog/dd-trace-go/v2 from 2.7.3 to 2.8.1 (#8108) 2026-05-13 21:12:38 -07:00
dependabot[bot]
f928c8d5f2 build(deps): bump google.golang.org/api from 0.276.0 to 0.278.0 (#8107) 2026-05-13 21:11:41 -07:00
dependabot[bot]
da784670f9 build(deps): bump golang.org/x/sys from 0.43.0 to 0.44.0 (#8105)
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.43.0 to 0.44.0.
- [Commits](https://github.com/golang/sys/compare/v0.43.0...v0.44.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-13 20:32:04 +03:00
dependabot[bot]
2214a0b72a build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#8099)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-13 17:24:54 +03:00
Ville Vesilehto
10e13fa561 chore: bump Go version to 1.26.3 (#8095) 2026-05-12 05:37:00 +03:00