Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2026-06-15 13:40:11 -04:00
Code Issues Packages Projects Releases Wiki Activity
4,820 Commits 11 Branches 82 Tags
f2f5b5a1cc46ed16ae6dd3c0043303cdf6704b62
Commit Graph

1509 Commits

Author SHA1 Message Date
Thomas Gosteli
f2f5b5a1cc feat(forward): add doh support (#8004) 
* chore(pkg/proxy): prepare for DoH implementation

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(pkg/proxy): prepare for DoH implementation

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(proxy): implement basic DoH resolution

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(forward): implement DoH forwarding

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(proxy): add basic DoH health checker

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: align http transport with Go's DefaultTransport

and resolve some of the TODOs

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* docs(forward): add basic documentation for DoH

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: add basic tests to cover DoH

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(health): unify default timeout to 1s

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* feat(forward): make doh method configurable

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore: remove maxIdleConnsPerHost setting & update docs

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

* chore(forward): reject https upstreams with path

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>

---------

Signed-off-by: Thomas Gosteli <thomas.gosteli@protonmail.ch>
 2026-06-14 17:54:05 -07:00
Yong Tang
60a439dd4f plugin/proxyproto: Prevent nil pointer dereference when dropping malformed PROXY packets (#8154) 
Avoid a potential nil pointer dereference in PacketConn.ReadFrom() when malformed PROXY protocol headers cause readFrom() to return a nil address.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
 2026-06-08 16:26:32 -07:00
Yong Tang
3342b414e3 plugin/cache: allow cache TTLs above default 3600s (#8134) 
* plugin/cache: allow cache TTLs above default 3600s

This change allows the cache plugin to honor configured maximum TTL values above the default 3600s limit. Default behavior remains unchanged
This PR fixes 7846

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

* Keep MinimalTTL

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

---------

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
 2026-06-06 07:48:26 +03:00
Isolus
b49fe2d469 plugin/dnssec: sign each RRset with the zone that owns its name, not the query zone (#8138) 
Signed-off-by: Björn Kinscher <code@bjoern-kinscher.de>
Co-authored-by: Björn Kinscher <code@bjoern-kinscher.de>
 2026-06-05 18:36:28 -07:00
Immanuel Tikhonov
4c07a287da fix: reject invalid any and local config (#8133) 
Signed-off-by: immanuwell <pchpr.00@list.ru>
 2026-05-31 15:41:27 -07:00
Dmytro Alieksieiev
ce0e5a6f39 plugin/forward: add hostname resolution support for TO endpoints (#5646) (#7923) 
Signed-off-by: Dmytro Alieksieiev <1865999+dragoangel@users.noreply.github.com>
 2026-05-30 19:36:01 -07:00
Immanuel Tikhonov
33c71b1554 fix(kubernetes): remove debug fmt.Println from multicluster zone validation (#8131) 
Signed-off-by: immanuwell <pchpr.00@list.ru>
 2026-05-28 22:11:35 -07:00
Immanuel Tikhonov
0bcb17df06 fix: use descriptive error for unknown block options in health and log plugins (#8128) 2026-05-27 16:29:24 -07:00
Jöran Malek
eb49f402cc plugin/forward: Forward NODATA responses to Next handler (#8065) 2026-05-26 17:15:46 -07:00
Immanuel Tikhonov
17142359e0 fix: reject unknown chaos block options (#8121) 2026-05-24 05:58:11 -07:00
Ville Vesilehto
d9c6b9b8b4 fix: reject unknown trace and dnstap block options (#8120) 2026-05-21 16:06:25 -07:00
Immanuel Tikhonov
1fbc686758 fix: reject unknown ready plugin properties (#8119) 
Signed-off-by: immanuwell <pchpr.00@list.ru>
 2026-05-21 22:29:59 +03:00
JUN YANG
3e762bc603 Remove redundant code (#8072) 
Signed-off-by: Yang Jun <yang.jun22@zte.com.cn>
Signed-off-by: 杨军10092085 <yang.jun22@zte.com.cn>
 2026-05-21 22:11:29 +03:00
weiguozhang
65d15af3a9 pkg/tls: remove duplicate cipher suites (#8118) 
Signed-off-by: Weiguo Zhang <weiguozhang1990@163.com>
 2026-05-20 23:54:11 -07:00
James R T
84faec64c3 fix(azure): apply access mode to every zone in the same block (#8110) 2026-05-20 08:06:37 -07:00
Ville Vesilehto
f8dffa7fc2 feat(secondary): add fallthrough support (#8041) 2026-05-20 00:13:03 -07:00
Umut Polat
b1a7fc8db1 fix(cache): prefer positive cache over SERVFAIL in ncache (#8003) 
When serve_stale is enabled, a cached SERVFAIL in ncache shadows a valid
positive entry in pcache because ncache is always checked first. SERVFAIL
is transient and should not mask a known-good answer.

When the ncache hit is a SERVFAIL, check pcache for a valid entry before
returning the SERVFAIL. NXDOMAIN and NODATA are unaffected and still
follow the existing ncache-first lookup per RFC 2308.

Fixes #7956

Signed-off-by: umut-polat <52835619+umut-polat@users.noreply.github.com>
 2026-05-19 20:28:35 -07:00
Endre Szabo
35391dd8a9 plugin/file: trigger reload of zones based on mtime (#8085) 
* Added fs.FileInfo.ModTime() based reload feature

Signed-off-by: Endre Szabo <git@end.re>

* Updated the plugin documentation.

Signed-off-by: Endre Szabo <git@end.re>

---------

Signed-off-by: Endre Szabo <git@end.re>
 2026-05-19 19:43:46 -07:00
Endre Szabo
ee7ff82cf5 plugin/dnstap: feature: added incoming connection support (#8086) 
* plugin/dnstap: added incoming connection support feature to dnstap plugin

Signed-off-by: Endre Szabo <git@end.re>

* fixed problems pointed out by ci linter

Signed-off-by: Endre Szabo <git@end.re>

---------

Signed-off-by: Endre Szabo <git@end.re>
 2026-05-19 19:23:53 -07:00
Charlie Tonneslan
f4f767fb4e plugin/file: canonicalize escape form in owner names (#8109) 
The miekg/dns zone parser preserves whichever text form the input
used for an escaped byte. RFC 1035 §5.1 lets the same byte appear
as \DDD (decimal) or \c (literal character), so a zone file
written with has\046dot.campus.edu. is stored under that literal
string. Incoming queries, by contrast, arrive on the wire and are
unpacked by miekg/dns into the canonical form has\.dot.campus.edu.
The two strings don't compare equal in the tree, so the record is
silently unreachable.

Pack-then-unpack the owner name on Insert so the stored key uses
the same canonical form as anything that comes off the wire. Only
runs when the name contains a backslash, so the common case is a
no-op string compare.

Fixes #8012

Signed-off-by: Charlie Tonneslan <cst0520@gmail.com>
 2026-05-19 18:08:16 -07:00
Syed Azeez
b2cb44b966 feat(cache): add optional verify timeout to serve_stale (#8070) 2026-05-06 00:32:28 -07:00
Peppi-Lotta
8c5ec14e31 Fix broken links (#8051) 
Signed-off-by: peppi-lotta <peppi-lotta.saari@est.tech>
 2026-04-16 20:31:32 +03:00
rpb-ant
50cbaf87a0 plugin/file: introduce snapshot()/setData() accessors for zone data (#8040) 
Signed-off-by: Ryan Brewster <rpb@anthropic.com>
 2026-04-12 20:34:36 +03:00
andreyrusanov-ec
8a28dc9c7d fix(dnssec) TestDelegationUnSigned: Potential nil pointer dereference (#8042) 
Signed-off-by: Andrey Rusanov <andrey.rusanov@edgecenter.ru>
 2026-04-12 11:34:23 +03:00
JUN YANG
57a95e2677 [BUG] plugin/ready: fix Reset list of readiness plugins (#8035) 
Signed-off-by: 杨军10092085 <yang.jun22@zte.com.cn>
 2026-04-11 13:15:28 +03:00
rpb-ant
0ed3aae547 Fix data race in xfr.go (#8039) 
Signed-off-by: Ryan Brewster <rpb@anthropic.com>
 2026-04-11 11:39:31 +03:00
Yong Tang
c0e6e7cef3 core: Add full TSIG verification in DoH transport (#8013) 
* core: Add full TSIG verification in DoH transport

This PR add full TSIG verification in DoH using dns.TsigVerify()
7943

---------

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
 2026-04-09 15:24:00 +03:00
Ville Vesilehto
4c71636a71 fix(auto): resolve symlinked directory before walk (#8032) 2026-04-08 14:38:01 -07:00
rpb-ant
010dc1e2b7 Allow selectively exporting all Go runtime metrics (#7990) 
Signed-off-by: Ryan Brewster <rpb@anthropic.com>
 2026-04-08 21:38:19 +03:00
Ville Vesilehto
5643d41ba7 fix(tls): use temp dir for keylog test path (#8010) 2026-04-04 11:37:51 -07:00
Umut Polat
61f4145506 fix(transfer): batch AXFR records by message size instead of count (#8002) 2026-04-04 11:35:27 -07:00
Umut Polat
2263340fab fix(dnsserver): allow view server blocks in any declaration order (#8001) 
When using the view plugin, filtered and unfiltered server blocks can
share the same zone and port. The zone overlap validation rejected this
configuration when the unfiltered block was not declared last, because
filtered configs treated an already-registered zone as an error.

Skip the 'already defined' check for configs that have filter functions,
since they are expected to coexist with an unfiltered catch-all block on
the same zone/port.

Fixes #7733

Signed-off-by: umut-polat <52835619+umut-polat@users.noreply.github.com>
 2026-04-04 20:45:55 +03:00
Ville Vesilehto
4eb6eca9f0 fix(dnssec): return nil from ParseKeyFile on error (#8000) 2026-04-04 10:40:47 -07:00
Ville Vesilehto
cb40d84c85 fix(dnssec): return nil sigs on sign error (#7999) 2026-04-04 10:40:29 -07:00
Ville Vesilehto
510977c476 fix(dnssec): avoid caching empty signing results (#7996) 2026-04-01 14:20:15 -07:00
Ville Vesilehto
6d6c50db3a fix(dnssec): add defensive nil checks (#7997) 2026-04-01 14:19:54 -07:00
Ville Vesilehto
503c2d7ea3 fix(kubernetes): sanitize non-UTF-8 host in metrics (#7998) 2026-04-01 14:19:29 -07:00
Ville Vesilehto
2ba4340362 chore: bump golangci-lint to v2.11.4 (#7983) 2026-03-30 14:39:09 -07:00
rpb-ant
20626a7464 Add an atomic.Bool to singleflight prefetching (#7963) 
Also updated plugin to document single-flighting

Signed-off-by: Ryan Brewster <rpb@anthropic.com>
 2026-03-30 23:18:24 +03:00
Ville Vesilehto
0ba8e3c850 test(dnstap): fix flaky TestReconnect (#7982) 2026-03-29 17:03:08 -07:00
Ville Vesilehto
0e9a51410a lint(revive): fix unreachable-code violation (#7979) 2026-03-29 17:02:39 -07:00
Ville Vesilehto
6720959b8b lint(revive): fix unused-parameter violations (#7980) 2026-03-29 17:02:20 -07:00
Ville Vesilehto
6af8fd46fe lint(revive): fix unnecessary-stmt violations (#7978) 2026-03-29 17:02:03 -07:00
Ville Vesilehto
867cd8fd6b lint(revive): fix indent-error-flow violations (#7977) 2026-03-29 17:01:22 -07:00
Ville Vesilehto
7fd983b02c lint(revive): fix context-as-argument violations (#7976) 2026-03-29 17:01:03 -07:00
Ville Vesilehto
61330515de test(forward): restore defaultTimeout (#7981) 2026-03-29 17:00:30 -07:00
Ville Vesilehto
54b06d9a3b lint(revive): fix early-return violations (#7974) 2026-03-29 16:59:22 -07:00
Minghang Chen
34acf8353f proxyproto: add UDP session tracking for Spectrum PPv2 (#7967) 2026-03-28 15:06:36 -07:00
Ingmar Van Glabbeek
12d9457e71 plugin/file: expand SVCB/HTTPS record support (#7950) 
* plugin/file: expand SVCB/HTTPS record support

Add proper SVCB (type 64) and HTTPS (type 65) handling:

- Additional section processing: include A/AAAA glue for in-bailiwick
  SVCB/HTTPS targets, matching existing SRV/MX behavior
- Target name normalization: lowercase SVCB/HTTPS Target on zone insert,
  consistent with CNAME/MX handling
- Metrics: add TypeSVCB to monitored query types (TypeHTTPS was already
  present)
- Test helpers: add SVCB()/HTTPS() constructors and Section comparison
  cases
- Tests: basic queries with glue, AliasMode, wildcards, NoData, NXDOMAIN,
  target normalization, and DNS-AID private-use key (65400-65408)
  round-trip

Signed-off-by: Ingmar <ivanglabbeek@infoblox.com>

* plugin/file: simplify HTTPS target access via field promotion

dns.HTTPS embeds dns.SVCB, so .Target is directly accessible
without the redundant .SVCB. qualifier. Fixes gosimple S1027.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Ingmar <ivanglabbeek@infoblox.com>

---------

Signed-off-by: Ingmar <ivanglabbeek@infoblox.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-28 11:46:41 +02:00
Ilya Kulakov
a8caf4c375 plugin/tls: Add the keylog option to configure TLSConfig.KeyLogWriter (#7537) 
* tls: Add the keylog option to configure TLSConfig.KeyLogWriter

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>

* tls: Close keylog file on instance shutdown.

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>

---------

Signed-off-by: Ilya Kulakov <kulakov.ilya@gmail.com>
 2026-03-27 21:10:13 +02:00