fuck features, all my homies hate features
This commit is contained in:
parent
9edfaed631
commit
300687e114
32
ADOPTERS.md
32
ADOPTERS.md
|
@ -1,32 +0,0 @@
|
|||
* [Infoblox](https://www.infoblox.com) uses CoreDNS in its Active Trust Cloud SaaS service, as well as for Kubernetes cluster DNS.
|
||||
* [Sky Betting & Gaming](https://engineering.skybettingandgaming.com) uses CoreDNS for Kubernetes cluster DNS.
|
||||
* [Kismia](https://kismia.com) uses CoreDNS for Kubernetes cluster DNS.
|
||||
* [Admiral](https://getadmiral.com) uses CoreDNS to handle geographic DNS requests for our public-facing microservices.
|
||||
* [Qunar](https://qunar.com) uses CoreDNS for service discovery of its GPU machine learning cloud with TensorFlow and Kubernetes.
|
||||
* [seansean2](https://web.mit.edu) uses CoreDNS in production at MIT for DNS.
|
||||
* [Tradeshift](https://tradeshift.com/) uses CoreDNS to look up company identifiers across multiple shards/regions/zones
|
||||
* [SoundCloud](https://soundcloud.com/) uses CoreDNS as internal cache+proxy in Kubernetes clusters to handle hundreds of thousands DNS service discovery requests per second.
|
||||
* [Z Lab](https://zlab.co.jp) uses CoreDNS in production combination with Consul and Kubernetes Clusters.
|
||||
* [Serpro/estaleiro](estaleiro.serpro.gov.br) uses CoreDNS as Kubernetes' DNS Server, in production with tuned Kubernetes plugin options
|
||||
* [Lumo](https://thinklumo.com) uses CoreDNS as Kubernetes' DNS Server, in production and lab with default configuration
|
||||
* [Booming Games](https://booming-games.com) uses CoreDNS in multiple Kubernetes clusters, with Federation plugin. expect to go into production soon.
|
||||
* [Sodimac](https://www.sodimac.cl) uses CoreDNS with Kubernetes in production with default configuration.
|
||||
* [Bose](https://www.bose.com/) uses CoreDNS with Kubernetes in production on very large cluster (over 250 nodes)
|
||||
* [farmotive](https://farmotive.io) uses CoreDNS in Kubernetes using default configuration, in its Lab. Expect to be in production soon.
|
||||
* [Zalando SE](https://www.zalando.de) uses CoreDNS as Kubernetes' DNS Server, in production.
|
||||
* [Trainline](https://trainline.com) uses CoreDNS along with Kubernetes in production, with a tuned configuration.
|
||||
* [AnchorFree](https://www.anchorfree.com) uses CoreDNS within Kubernetes in production, with standard configuration.
|
||||
* [Datacom](https://datacom.co.nz) uses CoreDNS with a tuned configuration for Kubernetes, as production.
|
||||
* [Takealot.com](https://www.takealot.com) uses CoreDNS as Kubernetes' DNS Server, in production.
|
||||
* [scalable minds](https://scalableminds.com) uses CoreDNS with default configuration for Kubernetes in its production environment.
|
||||
* [ObjectRocket](https://www.objectrocket.com) uses CoreDNS on its numerous Kubernetes' clusters, using refined configurations. Address both Lab and Production environment
|
||||
* [Devino Telecom](https://devinotele.com) uses CoreDNS with default configuration for Kubernetes for its Lab and its Production.
|
||||
* [Yandex Money](https://money.yandex.ru) uses CoreDNS in Lab and Production, using default configuration for Kubernetes.
|
||||
* [AdGuard](https://adguard.com/) uses CoreDNS in [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) and, therefore, in production public AdGuard DNS servers.
|
||||
* [Skyscanner](https://www.skyscanner.net) uses CoreDNS within Kubernetes in production with the configuration tuned to use the Autopath plugin.
|
||||
* [Zinza Technology](https://zinza.com.vn) uses CoreDNS within Kubernetes in production, with standard configuration.
|
||||
* [Hualala](https://www.hualala.com) uses CoreDNS in Kubernetes using default configuration, in its Lab. Expected to be in production soon.
|
||||
* [Hellofresh](https://www.hellofresh.com/) uses CoreDNS in multiple Kubernetes clusters, with Forward plugin.
|
||||
* [Render](https://render.com) uses CoreDNS in production across all its Kubernetes clusters.
|
||||
* [BackMarket](https://www.backmarket.com) uses CoreDNS within Kubernetes in production, with standard configuration.
|
||||
* [Absa Group](https://www.absa.africa) uses CoreDNS as an integral part of Kubernetes Global Balancer project - [k8gb](https://www.k8gb.io/).
|
54
CODEOWNERS
54
CODEOWNERS
|
@ -1,54 +0,0 @@
|
|||
# @miekg, miek@miek.nl, project lead: 11/11/2021
|
||||
|
||||
* @bradbeam @chrisohaver @dilyevsky @fastest963 @greenpau @isolus @johnbelamaric @miekg @pmoroney @rajansandeep @stp-ip @superq @yongtang
|
||||
|
||||
/.circleci/ @miekg @chrisohaver @rajansandeep
|
||||
/plugin/pkg/ @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
/coremain/ @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
/core/ @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
/request/ @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
/plugin/* @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
go.sum @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
go.mod @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
|
||||
|
||||
/plugin/acl/ @miekg @ihac
|
||||
/plugin/any/ @miekg
|
||||
/plugin/auto/ @miekg @stp-ip
|
||||
/plugin/autopath/ @chrisohaver @miekg
|
||||
/plugin/azure/ @miekg @yongtang @darshanime
|
||||
/plugin/bind/ @miekg
|
||||
/plugin/bufsize/ @ykhr53
|
||||
/plugin/cache/ @miekg
|
||||
/plugin/cancel/ @miekg
|
||||
/plugin/chaos/ @miekg @zouyee
|
||||
/plugin/clouddns/ @miekg @yongtang
|
||||
/plugin/dns64 @superq
|
||||
/plugin/dnssec/ @isolus @miekg
|
||||
/plugin/dnstap/ @varyoo @yongtang
|
||||
/plugin/erratic/ @miekg
|
||||
/plugin/errors/ @miekg
|
||||
/plugin/etcd/ @miekg @nitisht
|
||||
/plugin/file/ @miekg @yongtang @stp-ip
|
||||
/plugin/forward/ @johnbelamaric @miekg @rdrozhdzh
|
||||
/plugin/grpc/ @inigohu @miekg @zouyee
|
||||
/plugin/health/ @fastest963 @miekg @zouyee
|
||||
/plugin/hosts/ @johnbelamaric @pmoroney
|
||||
/plugin/k8s_external/ @miekg
|
||||
/plugin/kubernetes/ @bradbeam @chrisohaver @johnbelamaric @miekg @rajansandeep @yongtang @zouyee
|
||||
/plugin/loadbalance/ @miekg
|
||||
/plugin/log/ @miekg @nchrisdk
|
||||
/plugin/loop/ @miekg @chrisohaver
|
||||
/plugin/metadata/ @ekleiner @miekg
|
||||
/plugin/metrics/ @fastest963 @miekg @superq @greenpau
|
||||
/plugin/nsid/ @yongtang
|
||||
/plugin/pprof/ @miekg @zouyee
|
||||
/plugin/reload/ @johnbelamaric
|
||||
/plugin/rewrite/ @greenpau @johnbelamaric
|
||||
/plugin/root/ @miekg
|
||||
/plugin/route53/ @yongtang @dilyevsky
|
||||
/plugin/secondary/ @bradbeam @miekg
|
||||
/plugin/template/ @rtreffer
|
||||
/plugin/tls/ @johnbelamaric
|
||||
/plugin/trace/ @johnbelamaric @zouyee
|
||||
/plugin/transfer/ @miekg @chrisohaver
|
||||
/plugin/whoami/ @miekg @chrisohaver
|
|
@ -1 +0,0 @@
|
|||
.github/CODE_OF_CONDUCT.md
|
12
Dockerfile
12
Dockerfile
|
@ -1,12 +0,0 @@
|
|||
FROM debian:stable-slim
|
||||
|
||||
RUN apt-get update && apt-get -uy upgrade
|
||||
RUN apt-get -y install ca-certificates && update-ca-certificates
|
||||
|
||||
FROM scratch
|
||||
|
||||
COPY --from=0 /etc/ssl/certs /etc/ssl/certs
|
||||
ADD coredns /coredns
|
||||
|
||||
EXPOSE 53 53/udp
|
||||
ENTRYPOINT ["/coredns"]
|
145
GOVERNANCE.md
145
GOVERNANCE.md
|
@ -1,145 +0,0 @@
|
|||
# CoreDNS Governance
|
||||
|
||||
## Principles
|
||||
|
||||
The CoreDNS community adheres to the following principles:
|
||||
|
||||
- Open: CoreDNS is open source, advertised on [our website](https://coredns.io/community).
|
||||
- Welcoming and respectful: See [Code of Conduct](CODE-OF-CONDUCT.md).
|
||||
- Transparent and accessible: Changes to the CoreDNS organization, CoreDNS code repositories, and CNCF related activities (e.g. level, involvement, etc) are done in public.
|
||||
- Merit: Ideas and contributions are accepted according to their technical merit and alignment with
|
||||
project objectives, scope, and design principles.
|
||||
|
||||
## Project Lead
|
||||
|
||||
The CoreDNS project has a project lead.
|
||||
|
||||
A project lead in CoreDNS is
|
||||
a single person that has a final say in any decision concerning the CoreDNS project.
|
||||
|
||||
The term of the project lead is one year, with no term limit restriction.
|
||||
|
||||
The project lead is elected by CoreDNS maintainers
|
||||
according to an individual's technical merit to CoreDNS project.
|
||||
|
||||
The current project lead is identified in the [CODEOWNERS](CODEOWNERS) file with the string
|
||||
`project lead` and the term behind the name in a comment at the top of the file.
|
||||
|
||||
|
||||
## Expectations from Maintainers
|
||||
|
||||
Every one carries water...
|
||||
|
||||
Making a community work requires input/effort from everyone. Maintainers should actively
|
||||
participate in Pull Request reviews. Maintainers are expected to respond to assigned Pull Requests
|
||||
in a *reasonable* time frame, either providing insights, or assign the Pull Requests to other
|
||||
maintainers.
|
||||
|
||||
Every Maintainer is listed in the
|
||||
[CODEOWNERS](https://github.com/coredns/coredns/blob/master/CODEOWNERS)
|
||||
file, with their Github handle.
|
||||
|
||||
A Maintainer should be a member of `maintainers@coredns.io`, although this is not a hard requirement.
|
||||
|
||||
## Becoming a Maintainer
|
||||
|
||||
On successful merge of a significant pull request any current maintainer can reach
|
||||
to the author behind the pull request and ask them if they are willing to become a CoreDNS
|
||||
maintainer. The email of the new maintainer invitation should be cc'ed to `maintainers@coredns.io`
|
||||
as part of the process.
|
||||
|
||||
## Changes in Maintainership
|
||||
|
||||
If a Maintainer feels she/he can not fulfill the "Expectations from Maintainers", they are free to
|
||||
step down.
|
||||
|
||||
The CoreDNS organization will never forcefully remove a current Maintainer, unless a maintainer
|
||||
fails to meet the principles of CoreDNS community,
|
||||
or adhere to the [Code of Conduct](CODE-OF-CONDUCT.md).
|
||||
|
||||
## Changes in Project Lead
|
||||
|
||||
Changes in project lead or term is initiated by opening a github PR.
|
||||
|
||||
Anyone from CoreDNS community can vote on the PR with either +1 or -1.
|
||||
|
||||
Only the following votes are binding:
|
||||
1) Any maintainer that has been listed in the [CODEOWNERS](CODEOWNERS) file before the PR is opened.
|
||||
2) Any maintainer from an organization may cast the vote for that organization. However, no organization
|
||||
should have more binding votes than 1/5 of the total number of maintainers defined in 1).
|
||||
|
||||
The PR should only be opened no earlier than 6 weeks before the end of the project lead's term.
|
||||
The PR should be kept open for no less than 4 weeks. The PR can only be merged after the end of the
|
||||
last project lead's term, with more +1 than -1 in the binding votes.
|
||||
|
||||
When there are conflicting PRs about changes in project lead, the PR with the most binding +1 votes is merged.
|
||||
|
||||
The project lead can volunteer to step down.
|
||||
|
||||
## Changes in Project Governance
|
||||
|
||||
Changes in project governance (GOVERNANCE.md) could be initiated by opening a github PR.
|
||||
The PR should only be opened no earlier than 6 weeks before the end of the project lead's term.
|
||||
The PR should be kept open for no less than 4 weeks. The PR can only be merged follow the same
|
||||
voting process as in `Changes in Project Lead`.
|
||||
|
||||
## Decision making process
|
||||
|
||||
Decisions are build on consensus between maintainers.
|
||||
Proposals and ideas can either be submitted for agreement via a github issue or PR,
|
||||
or by sending an email to `maintainers@coredns.io`.
|
||||
|
||||
In general, we prefer that technical issues and maintainer membership are amicably worked out between the persons involved.
|
||||
If a dispute cannot be decided independently, get a third-party maintainer (e.g. a mutual contact with some background
|
||||
on the issue, but not involved in the conflict) to intercede.
|
||||
If a dispute still cannot be decided, the project lead has the final say to decide an issue.
|
||||
|
||||
Decision making process should be transparent to adhere to
|
||||
the principles of CoreDNS project.
|
||||
|
||||
All proposals, ideas, and decisions by maintainers or the project lead
|
||||
should either be part of a github issue or PR, or be sent to `maintainers@coredns.io`.
|
||||
|
||||
## Github Project Administration
|
||||
|
||||
The __coredns__ GitHub project maintainers team reflects the list of Maintainers.
|
||||
|
||||
## Other Projects
|
||||
|
||||
The CoreDNS organization is open to receive new sub-projects under its umbrella. To accept a project
|
||||
into the __CoreDNS__ organization, it has to meet the following criteria:
|
||||
|
||||
- Must be licensed under the terms of the Apache License v2.0
|
||||
- Must be related to one or more scopes of the CoreDNS ecosystem:
|
||||
- CoreDNS project artifacts (website, deployments, CI, etc)
|
||||
- External plugins
|
||||
- Other DNS related processing
|
||||
- Must be supported by a Maintainer not associated or affiliated with the author(s) of the sub-projects
|
||||
|
||||
The submission process starts as a Pull Request or Issue on the
|
||||
[coredns/coredns](https://github.com/coredns/coredns) repository with the required information
|
||||
mentioned above. Once a project is accepted, it's considered a __CNCF sub-project under the umbrella
|
||||
of CoreDNS__.
|
||||
|
||||
## New Plugins
|
||||
|
||||
The CoreDNS is open to receive new plugins as part of the CoreDNS repo. The submission process
|
||||
is the same as a Pull Request submission. Unlike small Pull Requests though, a new plugin submission
|
||||
should only be approved by a maintainer not associated or affiliated with the author(s) of the
|
||||
plugin.
|
||||
|
||||
## CoreDNS and CNCF
|
||||
|
||||
CoreDNS is a CNCF project. As such, CoreDNS might be involved in CNCF (or other CNCF projects) related
|
||||
marketing, events, or activities. Any maintainer could help driving the CoreDNS involvement, as long as
|
||||
she/he sends email to `maintainers@coredns.io` (or create a GitHub Pull Request) to call for participation
|
||||
from other maintainers. The `Call for Participation` should be kept open for no less than a week if time
|
||||
permits, or a _reasonable_ time frame to allow maintainers to have a chance to volunteer.
|
||||
|
||||
## Code of Conduct
|
||||
|
||||
The [CoreDNS Code of Conduct](CODE-OF-CONDUCT.md) is aligned with the CNCF Code of Conduct.
|
||||
|
||||
## Credits
|
||||
|
||||
Sections of this documents have been borrowed from [Fluentd](https://github.com/fluent/fluentd/blob/master/GOVERNANCE.md) and [Envoy](https://github.com/envoyproxy/envoy/blob/master/GOVERNANCE.md) projects.
|
35
Makefile
35
Makefile
|
@ -1,35 +0,0 @@
|
|||
# Makefile for building CoreDNS
|
||||
GITCOMMIT:=$(shell git describe --dirty --always)
|
||||
BINARY:=coredns
|
||||
SYSTEM:=
|
||||
CHECKS:=check
|
||||
BUILDOPTS:=-v
|
||||
GOPATH?=$(HOME)/go
|
||||
MAKEPWD:=$(dir $(realpath $(firstword $(MAKEFILE_LIST))))
|
||||
CGO_ENABLED:=0
|
||||
|
||||
.PHONY: all
|
||||
all: coredns
|
||||
|
||||
.PHONY: coredns
|
||||
coredns: $(CHECKS)
|
||||
CGO_ENABLED=$(CGO_ENABLED) $(SYSTEM) go build $(BUILDOPTS) -ldflags="-s -w -X github.com/coredns/coredns/coremain.GitCommit=$(GITCOMMIT)" -o $(BINARY)
|
||||
|
||||
.PHONY: check
|
||||
check: core/plugin/zplugin.go core/dnsserver/zdirectives.go
|
||||
|
||||
core/plugin/zplugin.go core/dnsserver/zdirectives.go: plugin.cfg
|
||||
go generate coredns.go
|
||||
|
||||
.PHONY: gen
|
||||
gen:
|
||||
go generate coredns.go
|
||||
|
||||
.PHONY: pb
|
||||
pb:
|
||||
$(MAKE) -C pb
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
go clean
|
||||
rm -f coredns
|
64
Makefile.doc
64
Makefile.doc
|
@ -1,64 +0,0 @@
|
|||
# This Makefile generates the manual pages from the markdown README.mds. It depends
|
||||
# on https://github.com/mmarkdown/mmark to be installed. Generally we want this to be
|
||||
# updated before doing a release. The Debian package, for instance, looks at these pages
|
||||
# and will install them on your system.
|
||||
|
||||
MMARK_VERSION:=2.2.4
|
||||
PLUGINS:=$(wildcard plugin/*/README.md)
|
||||
READMES:=$(subst plugin/,,$(PLUGINS))
|
||||
READMES:=$(subst /README.md,,$(READMES))
|
||||
PLUGINS:=$(subst plugin/,coredns-,$(PLUGINS))
|
||||
PLUGINS:=$(subst /README.md,(7),$(PLUGINS))
|
||||
|
||||
all: mmark man/coredns.1 man/corefile.5 plugins
|
||||
|
||||
GO ?= go
|
||||
GOHOSTOS ?= $(shell $(GO) env GOHOSTOS)
|
||||
GOHOSTARCH ?= $(shell $(GO) env GOHOSTARCH)
|
||||
GO_BUILD_PLATFORM ?= $(GOHOSTOS)_$(GOHOSTARCH)
|
||||
|
||||
FIRST_GOPATH := $(firstword $(subst :, ,$(shell $(GO) env GOPATH)))
|
||||
MMARK_BIN := $(FIRST_GOPATH)/bin/mmark
|
||||
MMARK := $(FIRST_GOPATH)/bin/mmark -man
|
||||
|
||||
MMARK_URL := https://github.com/mmarkdown/mmark/releases/download/v$(MMARK_VERSION)/mmark_$(MMARK_VERSION)_$(GO_BUILD_PLATFORM).tgz
|
||||
|
||||
.PHONY: mmark
|
||||
mmark: $(MMARK_BIN)
|
||||
|
||||
$(MMARK_BIN):
|
||||
$(eval MMARK_TMP := $(shell mktemp -d))
|
||||
curl -s -L $(MMARK_URL) | tar -xvzf - -C $(MMARK_TMP)
|
||||
mkdir -p $(FIRST_GOPATH)/bin
|
||||
cp $(MMARK_TMP)/mmark $(FIRST_GOPATH)/bin/mmark
|
||||
rm -r $(MMARK_TMP)
|
||||
|
||||
man/coredns.1: coredns.1.md
|
||||
@/bin/echo -e '%%%\n title = "coredns 1"\n' \
|
||||
'area = "CoreDNS"\n workgroup = "CoreDNS"\n%%%\n\n' > $@.header
|
||||
@cat $@.header $< > $@.md && rm $@.header
|
||||
@sed -i -e "s/@@PLUGINS@@/$(PLUGINS)/" $@.md
|
||||
$(MMARK) $@.md > $@ && rm $@.md
|
||||
|
||||
man/corefile.5: corefile.5.md
|
||||
@/bin/echo -e '%%%\n title = "corefile 5"\n' \
|
||||
'area = "CoreDNS"\n workgroup = "CoreDNS"\n%%%\n\n' > $@.header
|
||||
@cat $@.header $< > $@.md && rm $@.header
|
||||
$(MMARK) $@.md > $@ && rm $@.md
|
||||
|
||||
.PHONY: plugins
|
||||
plugins:
|
||||
for README in $(READMES); do \
|
||||
$(MAKE) -f Makefile.doc man/coredns-$$README.7; \
|
||||
done
|
||||
|
||||
man/coredns-%.7: plugin/%/README.md
|
||||
@/bin/echo -e "%%%\n title = \"`basename $@ | sed s\/\.7\/\/` 7\"\n" \
|
||||
'area = "CoreDNS"\n workgroup = "CoreDNS Plugins"\n%%%\n\n' > $@.header
|
||||
@cat $@.header $< > $@.md && rm $@.header
|
||||
@sed -i '/^# .*/d' $@.md
|
||||
$(MMARK) $@.md > $@ && rm $@.md
|
||||
|
||||
PHONY: clean
|
||||
clean:
|
||||
rm -f man/*
|
|
@ -1,58 +0,0 @@
|
|||
# Makefile for fuzzing
|
||||
#
|
||||
# With https://app.fuzzit.dev/ we are continuously fuzzing CoreDNS.
|
||||
#
|
||||
# Use go-fuzz and needs the tools installed. For each fuzz.go in a plugin's directory
|
||||
# you can start the fuzzing with: make -f Makefile.fuzz <plugin>
|
||||
# e.g.
|
||||
#
|
||||
# make -f Makefile.fuzz forward
|
||||
#
|
||||
# Each plugin that wants to join the fuzzing fray only needs to add a fuzz.go that calls
|
||||
# the plugin's ServeDNS and used the plugin/pkg/fuzz for the Do function.
|
||||
#
|
||||
# Installing go-fuzz is very tricky because it does not support Go modules, see the `Makefile`
|
||||
# for the current trickery. The following may do the trick:
|
||||
#
|
||||
# GO111MODULE=off go get github.com/dvyukov/go-fuzz/go-fuzz-build
|
||||
|
||||
REPO:="github.com/coredns/coredns"
|
||||
FUZZIT:=v2.4.35
|
||||
# set LIBFUZZER=YES to build libfuzzer compatible targets
|
||||
|
||||
FUZZ:=$(dir $(wildcard plugin/*/fuzz.go)) # plugin/cache/
|
||||
PLUGINS:=$(foreach f,$(FUZZ),$(subst plugin, ,$(f:/=))) # > /cache
|
||||
PLUGINS:=$(foreach f,$(PLUGINS),$(subst /, ,$(f))) # > cache
|
||||
|
||||
.PHONY: echo
|
||||
echo:
|
||||
@echo $(PLUGINS) corefile
|
||||
|
||||
all: $(PLUGINS) corefile
|
||||
|
||||
.PHONY: $(PLUGINS)
|
||||
$(PLUGINS): echo
|
||||
ifeq ($(LIBFUZZER), YES)
|
||||
go-fuzz-build -libfuzzer -o $(@).a ./plugin/$(@)
|
||||
clang -fsanitize=fuzzer $(@).a -o $(@)
|
||||
else
|
||||
go-fuzz-build $(REPO)/plugin/$(@)
|
||||
go-fuzz -bin=./$(@)-fuzz.zip -workdir=fuzz/$(@)
|
||||
endif
|
||||
|
||||
.PHONY: corefile
|
||||
corefile:
|
||||
ifeq ($(LIBFUZZER), YES)
|
||||
go-fuzz-build -libfuzzer -o $(@).a ./test
|
||||
clang -fsanitize=fuzzer $(@).a -o $(@)
|
||||
else
|
||||
go-fuzz-build $(REPO)/test
|
||||
go-fuzz -bin=./test-fuzz.zip -workdir=fuzz/$(@)
|
||||
endif
|
||||
|
||||
fuzzit:
|
||||
wget --quiet -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/$(FUZZIT)/fuzzit_Linux_x86_64 && chmod +x fuzzit
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm *-fuzz.zip
|
207
Makefile.release
207
Makefile.release
|
@ -1,207 +0,0 @@
|
|||
# Makefile for releasing CoreDNS
|
||||
#
|
||||
# The release is controlled from coremain/version.go. The version found there is
|
||||
# used to tag the git repo and to build the assets that are uploaded to GitHub.
|
||||
#
|
||||
# The release should be accompanied by release notes in the notes/ subdirectory.
|
||||
# These are published on coredns.io. For example see: notes/coredns-1.5.1.md
|
||||
# Use make -f Makefile.release notes to create a skeleton notes document.
|
||||
#
|
||||
# Be sure to prune the PR list a bit, not everything is worthy!
|
||||
#
|
||||
# As seen in notes/coredns-1.5.1.md we want to style the notes in the following manner:
|
||||
#
|
||||
# * important changes at the top
|
||||
# * people who committed/review code (the latter is harder to get)
|
||||
# * Slightly abbreviated list of pull requests merged for this release.
|
||||
#
|
||||
# Steps to release, first:
|
||||
#
|
||||
# 1. Up the version in coremain/version.go
|
||||
# 2. Do a make -f Makefile.doc # This has been automated in GitHub, so you can probably skip this step
|
||||
# 3. go generate
|
||||
# 4. Send PR to get this merged.
|
||||
#
|
||||
# Then:
|
||||
#
|
||||
# 1. Open an issue for this release
|
||||
# 2. In an issue give the command: /release master VERSION
|
||||
# Where VERSION is the version of the release - the release script double checks this with the
|
||||
# actual CoreDNS version in coremain/version.go
|
||||
# 3. (to test as release /release -t master VERSION can be used.
|
||||
#
|
||||
# See https://github.com/coredns/release for documentation README on what needs to be setup for this to be
|
||||
# automated (can still be done by hand if needed). Especially what environment variables need to be
|
||||
# set! This further depends on Caddy being setup and [dreck](https://github.com/miekg/dreck) running as a plugin in Caddy.
|
||||
#
|
||||
# To release we run, these target from the this Makefile.release ordered like:
|
||||
# * make release
|
||||
# * make docker
|
||||
# * make github-push
|
||||
# * make docker-push
|
||||
#
|
||||
# Testing this is hard-ish as you don't want to accidentially release a coredns. If not executing the github-push target
|
||||
# and using a non-coredns docker repo you should be fine.
|
||||
# Testing docker is done e.g. via:
|
||||
#
|
||||
# export DOCKER_PASSWORD=<pass>
|
||||
# export DOCKER_LOGIN=miek
|
||||
# make DOCKER=miek -f Makefile.release build docker-build docker-push
|
||||
|
||||
EMPTY:=
|
||||
SPACE:=$(EMPTY) $(EMPTY)
|
||||
COMMA:=$(EMPTY),$(EMPTY)
|
||||
|
||||
ifeq (, $(shell which curl))
|
||||
$(error "No curl in $$PATH, please install")
|
||||
endif
|
||||
|
||||
# DOCKER is the docker image repo we need to push to.
|
||||
DOCKER:=
|
||||
NAME:=coredns
|
||||
VERSION:=$(shell grep 'CoreVersion' coremain/version.go | awk '{ print $$3 }' | tr -d '"')
|
||||
GITHUB:=coredns
|
||||
# mips is not in LINUX_ARCH because it's not supported by docker manifest
|
||||
LINUX_ARCH:=amd64 arm arm64 mips64le ppc64le s390x
|
||||
DOCKER_IMAGE_NAME:=$(DOCKER)/$(NAME)
|
||||
PLATFORMS:=$(subst $(SPACE),$(COMMA),$(foreach arch,$(LINUX_ARCH),linux/$(arch)))
|
||||
DOCKER_IMAGE_LIST_VERSIONED:=$(shell echo $(LINUX_ARCH) | sed -e "s~[^ ]*~$(DOCKER_IMAGE_NAME)\-&:$(VERSION)~g")
|
||||
DOCKER_IMAGE_LIST_LATEST:=$(shell echo $(LINUX_ARCH) | sed -e "s~[^ ]*~$(DOCKER_IMAGE_NAME)\-&:latest~g")
|
||||
|
||||
all:
|
||||
@echo Use the 'release' target to build a release, 'docker' for docker build.
|
||||
|
||||
release: build tar
|
||||
|
||||
docker: docker-build
|
||||
|
||||
.PHONY: build
|
||||
build:
|
||||
@go version
|
||||
@echo Cleaning old builds
|
||||
@rm -rf build && mkdir build
|
||||
@echo Building: darwin/amd64 - $(VERSION)
|
||||
mkdir -p build/darwin/amd64 && $(MAKE) coredns BINARY=build/darwin/amd64/$(NAME) SYSTEM="GOOS=darwin GOARCH=amd64" CHECKS="" BUILDOPTS=""
|
||||
@echo Building: windows/amd64 - $(VERSION)
|
||||
mkdir -p build/windows/amd64 && $(MAKE) coredns BINARY=build/windows/amd64/$(NAME).exe SYSTEM="GOOS=windows GOARCH=amd64" CHECKS="" BUILDOPTS=""
|
||||
@echo Building: linux/mips - $(VERSION)
|
||||
mkdir -p build/linux/mips && $(MAKE) coredns BINARY=build/linux/mips/$(NAME) SYSTEM="GOOS=linux GOARCH=mips" CHECKS="" BUILDOPTS=""
|
||||
@echo Building: linux/$(LINUX_ARCH) - $(VERSION) ;\
|
||||
for arch in $(LINUX_ARCH); do \
|
||||
mkdir -p build/linux/$$arch && $(MAKE) coredns BINARY=build/linux/$$arch/$(NAME) SYSTEM="GOOS=linux GOARCH=$$arch" CHECKS="" BUILDOPTS="" ;\
|
||||
done
|
||||
|
||||
.PHONY: tar
|
||||
tar:
|
||||
@echo Cleaning old releases
|
||||
@rm -rf release && mkdir release
|
||||
tar -zcf release/$(NAME)_$(VERSION)_darwin_amd64.tgz -C build/darwin/amd64 $(NAME)
|
||||
tar -zcf release/$(NAME)_$(VERSION)_windows_amd64.tgz -C build/windows/amd64 $(NAME).exe
|
||||
tar -zcf release/$(NAME)_$(VERSION)_linux_mips.tgz -C build/linux/mips $(NAME)
|
||||
tar -zcf release/$(NAME)_$(VERSION)_linux_mips64le.tgz -C build/linux/mips64le $(NAME)
|
||||
for arch in $(LINUX_ARCH); do \
|
||||
tar -zcf release/$(NAME)_$(VERSION)_linux_$$arch.tgz -C build/linux/$$arch $(NAME) ;\
|
||||
done
|
||||
|
||||
.PHONY: github-push
|
||||
github-push:
|
||||
ifeq ($(GITHUB_ACCESS_TOKEN),)
|
||||
$(error "Please set the GITHUB_ACCESS_TOKEN environment variable")
|
||||
else
|
||||
@echo Releasing: $(VERSION)
|
||||
@$(eval RELEASE:=$(shell curl -s -d '{"tag_name": "v$(VERSION)", "name": "v$(VERSION)"}' -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" "https://api.github.com/repos/$(GITHUB)/$(NAME)/releases" | grep -m 1 '"id"' | tr -cd '[[:digit:]]'))
|
||||
@echo ReleaseID: $(RELEASE)
|
||||
@( cd release; for asset in `ls -A *tgz`; do \
|
||||
echo $$asset; \
|
||||
curl -o /dev/null -X POST \
|
||||
-H "Content-Type: application/gzip" \
|
||||
-H "Authorization: token ${GITHUB_ACCESS_TOKEN}" \
|
||||
--data-binary "@$$asset" \
|
||||
"https://uploads.github.com/repos/$(GITHUB)/$(NAME)/releases/$(RELEASE)/assets?name=$${asset}" ; \
|
||||
done )
|
||||
@( cd release; for asset in `ls -A *tgz`; do \
|
||||
sha256sum $$asset > $$asset.sha256; \
|
||||
done )
|
||||
@( cd release; for asset in `ls -A *sha256`; do \
|
||||
echo $$asset; \
|
||||
curl -o /dev/null -X POST \
|
||||
-H "Content-Type: text/plain" \
|
||||
-H "Authorization: token ${GITHUB_ACCESS_TOKEN}" \
|
||||
--data-binary "@$$asset" \
|
||||
"https://uploads.github.com/repos/$(GITHUB)/$(NAME)/releases/$(RELEASE)/assets?name=$${asset}" ; \
|
||||
done )
|
||||
endif
|
||||
|
||||
.PHONY: docker-build
|
||||
docker-build: tar
|
||||
ifeq ($(DOCKER),)
|
||||
$(error "Please specify Docker registry to use. Use DOCKER=coredns for releases")
|
||||
else
|
||||
@# Steps:
|
||||
@# 1. Copy appropriate coredns binary to build/docker/linux/<arch>
|
||||
@# 2. Copy Dockerfile to build/docker/linux/<arch>
|
||||
@rm -rf build/docker
|
||||
for arch in $(LINUX_ARCH); do \
|
||||
mkdir -p build/docker/linux/$${arch} ;\
|
||||
tar -xzf release/$(NAME)_$(VERSION)_linux_$${arch}.tgz -C build/docker/linux/$${arch} ;\
|
||||
cp Dockerfile build/docker/linux/$${arch} ;\
|
||||
docker build -t $(DOCKER_IMAGE_NAME)-$${arch}:$(VERSION) build/docker/linux/$${arch} ;\
|
||||
docker tag $(DOCKER_IMAGE_NAME)-$${arch}:$(VERSION) $(DOCKER_IMAGE_NAME)-$${arch}:latest ;\
|
||||
done
|
||||
endif
|
||||
|
||||
.PHONY: docker-push
|
||||
docker-push:
|
||||
ifeq ($(DOCKER),)
|
||||
$(error "Please specify Docker registry to use. Use DOCKER=coredns for releases")
|
||||
else
|
||||
@# Experimental CLI is required for docker manifest to work
|
||||
@# Pushes coredns/coredns-$arch:$version images
|
||||
@# Creates manifest for multi-arch image
|
||||
@# Pushes multi-arch image to coredns/coredns:$version
|
||||
export DOCKER_CLI_EXPERIMENTAL=enabled
|
||||
@echo $(DOCKER_PASSWORD) | docker login -u $(DOCKER_LOGIN) --password-stdin
|
||||
@echo Pushing: $(VERSION) to $(DOCKER_IMAGE_NAME)
|
||||
for arch in $(LINUX_ARCH); do \
|
||||
docker push $(DOCKER_IMAGE_NAME)-$${arch}:$(VERSION) ;\
|
||||
docker push $(DOCKER_IMAGE_NAME)-$${arch}:latest ;\
|
||||
done
|
||||
docker manifest create --amend $(DOCKER_IMAGE_NAME):$(VERSION) $(DOCKER_IMAGE_LIST_VERSIONED)
|
||||
docker manifest create --amend $(DOCKER_IMAGE_NAME):latest $(DOCKER_IMAGE_LIST_LATEST)
|
||||
for arch in $(LINUX_ARCH); do \
|
||||
docker manifest annotate --arch $${arch} $(DOCKER_IMAGE_NAME):$(VERSION) $(DOCKER_IMAGE_NAME)-$${arch}:$(VERSION) ;\
|
||||
docker manifest annotate --arch $${arch} $(DOCKER_IMAGE_NAME):latest $(DOCKER_IMAGE_NAME)-$${arch}:latest ;\
|
||||
done
|
||||
docker manifest push --purge $(DOCKER_IMAGE_NAME):$(VERSION)
|
||||
docker manifest push --purge $(DOCKER_IMAGE_NAME):latest
|
||||
endif
|
||||
|
||||
.PHONY: version
|
||||
version:
|
||||
@echo $(VERSION)
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf release
|
||||
rm -rf build
|
||||
|
||||
.PHONY: notes
|
||||
notes:
|
||||
@$(MAKE) -s -f Makefile.release authors
|
||||
@echo
|
||||
@$(MAKE) -s -f Makefile.release prs
|
||||
|
||||
.PHONY: prs
|
||||
prs:
|
||||
@echo "## Noteworthy Changes"
|
||||
@echo
|
||||
@git log $$(git describe --tags --abbrev=0)..HEAD --oneline | awk ' { $$1="";print } ' | sed 's/^ //' | sed -e 's|#\([0-9]\)|https://github.com/coredns/coredns/pull/\1|' | \
|
||||
grep -v '^build(deps)' | \
|
||||
grep -v '^auto go mod tidy' | grep -v '^auto remove' | grep -v '^auto make' | sed 's/^/* /'
|
||||
|
||||
.PHONY: authors
|
||||
authors:
|
||||
@echo "## Brought to You By"
|
||||
@echo
|
||||
@git log --pretty=format:'%an' $$(git describe --tags --abbrev=0)..master | sort -u | grep -v '^coredns-auto' | grep -v '^coredns\[bot\]' | grep -v '^dependabot-preview' | \
|
||||
tac | cat -n | sed -e 's/^[[:space:]]\+1[[:space:]]\+\(.*\)/\1./' | sed -e 's/^[[:space:]]\+[[:digit:]]\+[[:space:]]\+\(.*\)/\1,/' | tac # comma separate, with dot at the end
|
|
@ -1 +0,0 @@
|
|||
.github/SECURITY.md
|
|
@ -3,5 +3,5 @@ package core
|
|||
|
||||
import (
|
||||
// plug in the server
|
||||
_ "github.com/coredns/coredns/core/dnsserver"
|
||||
_ "coredns/core/dnsserver"
|
||||
)
|
||||
|
|
|
@ -5,8 +5,8 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin"
|
||||
)
|
||||
|
||||
// Config configuration for a single server.
|
||||
|
|
|
@ -4,7 +4,7 @@ import (
|
|||
"net"
|
||||
"net/http"
|
||||
|
||||
"github.com/coredns/coredns/plugin/pkg/nonwriter"
|
||||
"coredns/plugin/pkg/nonwriter"
|
||||
)
|
||||
|
||||
// DoHWriter is a nonwriter.Writer that adds more specific LocalAddr and RemoteAddr methods.
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
package dnsserver
|
||||
|
||||
import clog "github.com/coredns/coredns/plugin/pkg/log"
|
||||
import clog "coredns/plugin/pkg/log"
|
||||
|
||||
func init() { clog.Discard() }
|
||||
|
|
|
@ -6,11 +6,11 @@ import (
|
|||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/caddy/caddyfile"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/pkg/parse"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
"coredns/caddy"
|
||||
"coredns/caddyfile"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/pkg/parse"
|
||||
"coredns/plugin/pkg/transport"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
@ -66,17 +66,6 @@ func (h *dnsContext) InspectServerBlocks(sourceFile string, serverBlocks []caddy
|
|||
for ik, k := range s.Keys {
|
||||
trans, k1 := parse.Transport(k) // get rid of any dns:// or other scheme.
|
||||
hosts, port, err := plugin.SplitHostPort(k1)
|
||||
// We need to make this a fully qualified domain name to catch all errors here and not later when
|
||||
// plugin.Normalize is called again on these strings, with the prime difference being that the domain
|
||||
// name is fully qualified. This was found by fuzzing where "ȶ" is deemed OK, but "ȶ." is not (might be a
|
||||
// bug in miekg/dns actually). But here we were checking ȶ, which is OK, and later we barf in ȶ. leading to
|
||||
// "index out of range".
|
||||
for ih := range hosts {
|
||||
_, _, err := plugin.SplitHostPort(dns.Fqdn(hosts[ih]))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -10,16 +10,16 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/metrics/vars"
|
||||
"github.com/coredns/coredns/plugin/pkg/edns"
|
||||
"github.com/coredns/coredns/plugin/pkg/log"
|
||||
"github.com/coredns/coredns/plugin/pkg/rcode"
|
||||
"github.com/coredns/coredns/plugin/pkg/reuseport"
|
||||
"github.com/coredns/coredns/plugin/pkg/trace"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
"github.com/coredns/coredns/request"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/metrics/vars"
|
||||
"coredns/plugin/pkg/edns"
|
||||
"coredns/plugin/pkg/log"
|
||||
"coredns/plugin/pkg/rcode"
|
||||
"coredns/plugin/pkg/reuseport"
|
||||
"coredns/plugin/pkg/trace"
|
||||
"coredns/plugin/pkg/transport"
|
||||
"coredns/request"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
ot "github.com/opentracing/opentracing-go"
|
||||
|
|
|
@ -7,10 +7,10 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/pb"
|
||||
"github.com/coredns/coredns/plugin/pkg/reuseport"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
"coredns/caddy"
|
||||
"coredns/pb"
|
||||
"coredns/plugin/pkg/reuseport"
|
||||
"coredns/plugin/pkg/transport"
|
||||
|
||||
"github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc"
|
||||
"github.com/miekg/dns"
|
||||
|
|
|
@ -9,12 +9,12 @@ import (
|
|||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin/pkg/dnsutil"
|
||||
"github.com/coredns/coredns/plugin/pkg/doh"
|
||||
"github.com/coredns/coredns/plugin/pkg/response"
|
||||
"github.com/coredns/coredns/plugin/pkg/reuseport"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin/pkg/dnsutil"
|
||||
"coredns/plugin/pkg/doh"
|
||||
"coredns/plugin/pkg/response"
|
||||
"coredns/plugin/pkg/reuseport"
|
||||
"coredns/plugin/pkg/transport"
|
||||
)
|
||||
|
||||
// ServerHTTPS represents an instance of a DNS-over-HTTPS server.
|
||||
|
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/pkg/log"
|
||||
"github.com/coredns/coredns/plugin/test"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/pkg/log"
|
||||
"coredns/plugin/test"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -6,9 +6,9 @@ import (
|
|||
"fmt"
|
||||
"net"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin/pkg/reuseport"
|
||||
"github.com/coredns/coredns/plugin/pkg/transport"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin/pkg/reuseport"
|
||||
"coredns/plugin/pkg/transport"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -19,16 +19,13 @@ var Directives = []string{
|
|||
"root",
|
||||
"bind",
|
||||
"debug",
|
||||
"trace",
|
||||
"ready",
|
||||
"health",
|
||||
"pprof",
|
||||
"prometheus",
|
||||
"errors",
|
||||
"log",
|
||||
"dnstap",
|
||||
"local",
|
||||
"dns64",
|
||||
"acl",
|
||||
"any",
|
||||
"chaos",
|
||||
|
@ -41,15 +38,9 @@ var Directives = []string{
|
|||
"template",
|
||||
"transfer",
|
||||
"hosts",
|
||||
"route53",
|
||||
"azure",
|
||||
"clouddns",
|
||||
"k8s_external",
|
||||
"kubernetes",
|
||||
"file",
|
||||
"auto",
|
||||
"secondary",
|
||||
"etcd",
|
||||
"loop",
|
||||
"forward",
|
||||
"grpc",
|
||||
|
|
|
@ -4,51 +4,42 @@ package plugin
|
|||
|
||||
import (
|
||||
// Include all plugins.
|
||||
_ "github.com/coredns/caddy/onevent"
|
||||
_ "github.com/coredns/coredns/plugin/acl"
|
||||
_ "github.com/coredns/coredns/plugin/any"
|
||||
_ "github.com/coredns/coredns/plugin/auto"
|
||||
_ "github.com/coredns/coredns/plugin/autopath"
|
||||
_ "github.com/coredns/coredns/plugin/azure"
|
||||
_ "github.com/coredns/coredns/plugin/bind"
|
||||
_ "github.com/coredns/coredns/plugin/bufsize"
|
||||
_ "github.com/coredns/coredns/plugin/cache"
|
||||
_ "github.com/coredns/coredns/plugin/cancel"
|
||||
_ "github.com/coredns/coredns/plugin/chaos"
|
||||
_ "github.com/coredns/coredns/plugin/clouddns"
|
||||
_ "github.com/coredns/coredns/plugin/debug"
|
||||
_ "github.com/coredns/coredns/plugin/dns64"
|
||||
_ "github.com/coredns/coredns/plugin/dnssec"
|
||||
_ "github.com/coredns/coredns/plugin/dnstap"
|
||||
_ "github.com/coredns/coredns/plugin/erratic"
|
||||
_ "github.com/coredns/coredns/plugin/errors"
|
||||
_ "github.com/coredns/coredns/plugin/etcd"
|
||||
_ "github.com/coredns/coredns/plugin/file"
|
||||
_ "github.com/coredns/coredns/plugin/forward"
|
||||
_ "github.com/coredns/coredns/plugin/grpc"
|
||||
_ "github.com/coredns/coredns/plugin/health"
|
||||
_ "github.com/coredns/coredns/plugin/hosts"
|
||||
_ "github.com/coredns/coredns/plugin/k8s_external"
|
||||
_ "github.com/coredns/coredns/plugin/kubernetes"
|
||||
_ "github.com/coredns/coredns/plugin/loadbalance"
|
||||
_ "github.com/coredns/coredns/plugin/local"
|
||||
_ "github.com/coredns/coredns/plugin/log"
|
||||
_ "github.com/coredns/coredns/plugin/loop"
|
||||
_ "github.com/coredns/coredns/plugin/metadata"
|
||||
_ "github.com/coredns/coredns/plugin/metrics"
|
||||
_ "github.com/coredns/coredns/plugin/minimal"
|
||||
_ "github.com/coredns/coredns/plugin/nsid"
|
||||
_ "github.com/coredns/coredns/plugin/pprof"
|
||||
_ "github.com/coredns/coredns/plugin/ready"
|
||||
_ "github.com/coredns/coredns/plugin/reload"
|
||||
_ "github.com/coredns/coredns/plugin/rewrite"
|
||||
_ "github.com/coredns/coredns/plugin/root"
|
||||
_ "github.com/coredns/coredns/plugin/route53"
|
||||
_ "github.com/coredns/coredns/plugin/secondary"
|
||||
_ "github.com/coredns/coredns/plugin/sign"
|
||||
_ "github.com/coredns/coredns/plugin/template"
|
||||
_ "github.com/coredns/coredns/plugin/tls"
|
||||
_ "github.com/coredns/coredns/plugin/trace"
|
||||
_ "github.com/coredns/coredns/plugin/transfer"
|
||||
_ "github.com/coredns/coredns/plugin/whoami"
|
||||
_ "coredns/plugin/acl"
|
||||
_ "coredns/plugin/any"
|
||||
_ "coredns/plugin/auto"
|
||||
_ "coredns/plugin/autopath"
|
||||
_ "coredns/plugin/bind"
|
||||
_ "coredns/plugin/bufsize"
|
||||
_ "coredns/plugin/cache"
|
||||
_ "coredns/plugin/cancel"
|
||||
_ "coredns/plugin/chaos"
|
||||
_ "coredns/plugin/debug"
|
||||
_ "coredns/plugin/dnssec"
|
||||
_ "coredns/plugin/dnstap"
|
||||
_ "coredns/plugin/erratic"
|
||||
_ "coredns/plugin/errors"
|
||||
_ "coredns/plugin/file"
|
||||
_ "coredns/plugin/forward"
|
||||
_ "coredns/plugin/grpc"
|
||||
_ "coredns/plugin/health"
|
||||
_ "coredns/plugin/hosts"
|
||||
_ "coredns/plugin/loadbalance"
|
||||
_ "coredns/plugin/local"
|
||||
_ "coredns/plugin/log"
|
||||
_ "coredns/plugin/loop"
|
||||
_ "coredns/plugin/metadata"
|
||||
_ "coredns/plugin/minimal"
|
||||
_ "coredns/plugin/nsid"
|
||||
_ "coredns/plugin/pprof"
|
||||
_ "coredns/plugin/ready"
|
||||
_ "coredns/plugin/reload"
|
||||
_ "coredns/plugin/rewrite"
|
||||
_ "coredns/plugin/root"
|
||||
_ "coredns/plugin/secondary"
|
||||
_ "coredns/plugin/sign"
|
||||
_ "coredns/plugin/template"
|
||||
_ "coredns/plugin/tls"
|
||||
_ "coredns/plugin/transfer"
|
||||
_ "coredns/plugin/whoami"
|
||||
_ "coredns/caddy/onevent"
|
||||
)
|
||||
|
|
|
@ -4,8 +4,8 @@ package main
|
|||
//go:generate go run owners_generate.go
|
||||
|
||||
import (
|
||||
_ "github.com/coredns/coredns/core/plugin" // Plug in CoreDNS.
|
||||
"github.com/coredns/coredns/coremain"
|
||||
_ "coredns/core/plugin" // Plug in CoreDNS.
|
||||
"coredns/coremain"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
|
|
@ -10,8 +10,8 @@ import (
|
|||
"runtime"
|
||||
"strings"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/core/dnsserver"
|
||||
"coredns/caddy"
|
||||
"coredns/core/dnsserver"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -2,7 +2,7 @@ package coremain
|
|||
|
||||
// Various CoreDNS constants.
|
||||
const (
|
||||
CoreVersion = "1.8.3"
|
||||
coreName = "CoreDNS"
|
||||
CoreVersion = "0.0.1"
|
||||
coreName = "tcp-direct-dns"
|
||||
serverType = "dns"
|
||||
)
|
||||
|
|
|
@ -108,7 +108,7 @@ func formatAndWrite(file string, data string) error {
|
|||
}
|
||||
|
||||
const (
|
||||
pluginPath = "github.com/coredns/coredns/plugin/"
|
||||
pluginPath = "coredns/plugin/"
|
||||
pluginFile = "plugin.cfg"
|
||||
pluginFSPath = "plugin/" // Where the plugins are located on the file system
|
||||
header = "// generated by directives_generate.go; DO NOT EDIT\n\n"
|
||||
|
|
36
go.mod
36
go.mod
|
@ -1,41 +1,29 @@
|
|||
module github.com/coredns/coredns
|
||||
module coredns
|
||||
|
||||
go 1.16
|
||||
|
||||
require (
|
||||
github.com/Azure/azure-sdk-for-go v53.3.0+incompatible
|
||||
github.com/Azure/go-autorest/autorest v0.11.18
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.7
|
||||
github.com/Azure/go-autorest/autorest/to v0.2.0 // indirect
|
||||
github.com/DataDog/datadog-go v3.5.0+incompatible // indirect
|
||||
github.com/apparentlymart/go-cidr v1.1.0
|
||||
github.com/aws/aws-sdk-go v1.38.45
|
||||
github.com/coredns/caddy v1.1.0
|
||||
github.com/dnstap/golang-dnstap v0.4.0
|
||||
github.com/farsightsec/golang-framestream v0.3.0
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568
|
||||
github.com/golang/protobuf v1.5.2
|
||||
github.com/google/uuid v1.1.2
|
||||
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645
|
||||
github.com/hashicorp/golang-lru v0.5.4 // indirect
|
||||
github.com/imdario/mergo v0.3.12 // indirect
|
||||
github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1
|
||||
github.com/miekg/dns v1.1.42
|
||||
github.com/opentracing/opentracing-go v1.2.0
|
||||
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5
|
||||
github.com/openzipkin/zipkin-go v0.2.2
|
||||
github.com/philhofer/fwd v1.1.1 // indirect
|
||||
github.com/prometheus/client_golang v1.10.0
|
||||
github.com/prometheus/client_model v0.2.0
|
||||
github.com/prometheus/common v0.25.0
|
||||
go.etcd.io/etcd/api/v3 v3.5.0-beta.3
|
||||
go.etcd.io/etcd/client/v3 v3.5.0-beta.3
|
||||
github.com/prometheus/common v0.24.0
|
||||
github.com/stretchr/testify v1.6.1 // indirect
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
|
||||
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015
|
||||
google.golang.org/api v0.47.0
|
||||
google.golang.org/grpc v1.38.0
|
||||
gopkg.in/DataDog/dd-trace-go.v1 v1.28.0
|
||||
k8s.io/api v0.21.1
|
||||
k8s.io/apimachinery v0.21.1
|
||||
k8s.io/client-go v0.21.1
|
||||
k8s.io/klog v1.0.0
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 // indirect
|
||||
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
|
||||
golang.org/x/text v0.3.4 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
||||
google.golang.org/grpc v1.37.1
|
||||
)
|
||||
|
||||
replace github.com/coreos/bbolt => go.etcd.io/bbolt v1.3.4
|
||||
|
|
538
go.sum
538
go.sum
|
@ -1,77 +1,7 @@
|
|||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
|
||||
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
|
||||
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
|
||||
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
|
||||
cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
|
||||
cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
|
||||
cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
|
||||
cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
|
||||
cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
|
||||
cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
|
||||
cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
|
||||
cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
|
||||
cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
|
||||
cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
|
||||
cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
|
||||
cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
|
||||
cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
|
||||
cloud.google.com/go v0.81.0 h1:at8Tk2zUz63cLPR0JPWm5vp77pEZmzxEQBEfRKn1VV8=
|
||||
cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
|
||||
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
|
||||
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
|
||||
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
|
||||
cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
|
||||
cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
|
||||
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
|
||||
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
|
||||
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
|
||||
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
|
||||
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
|
||||
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
|
||||
cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
|
||||
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
|
||||
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
|
||||
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
|
||||
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
|
||||
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
github.com/Azure/azure-sdk-for-go v53.3.0+incompatible h1:DFyCwv0VetPlvKYckSGJRYWUSc+NKRDSryVWVvvVkFw=
|
||||
github.com/Azure/azure-sdk-for-go v53.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
|
||||
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
|
||||
github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
|
||||
github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
|
||||
github.com/Azure/go-autorest/autorest v0.11.18 h1:90Y4srNYrwOtAgVo3ndrQkTYn6kf1Eg/AjTFJ8Is2aM=
|
||||
github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.11/go.mod h1:nBKAnTomx8gDtl+3ZCJv2v0KACFHWTB2drffI1B68Pk=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.13 h1:Mp5hbtOePIzM8pJVRa3YLrWWmZtoxRXqUEzCfJt3+/Q=
|
||||
github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.7 h1:8DQB8yl7aLQuP+nuR5e2RO6454OvFlSTXXaNHshc16s=
|
||||
github.com/Azure/go-autorest/autorest/azure/auth v0.5.7/go.mod h1:AkzUsqkrdmNhfP2i54HqINVQopw0CLDnvHpJ88Zz1eI=
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
|
||||
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
|
||||
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
|
||||
github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
|
||||
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
|
||||
github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8=
|
||||
github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
|
||||
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
|
||||
github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
|
||||
github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
|
||||
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
|
||||
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/DataDog/datadog-go v3.5.0+incompatible h1:AShr9cqkF+taHjyQgcBcQUt/ZNK+iPq4ROaZwSX5c/U=
|
||||
github.com/DataDog/datadog-go v3.5.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
|
||||
github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
|
||||
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
|
||||
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||
github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
|
||||
github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
|
||||
github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
|
||||
|
@ -81,7 +11,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
|
|||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
|
||||
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
|
||||
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
|
||||
github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
|
||||
github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
|
||||
|
@ -90,11 +19,8 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
|
|||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
|
||||
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
|
||||
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||
github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
|
||||
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
|
||||
github.com/aws/aws-sdk-go v1.38.45 h1:pQmv1vT/voRAjENnPsT4WobFBgLwnODDFogrt2kXc7M=
|
||||
github.com/aws/aws-sdk-go v1.38.45/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
|
||||
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
|
@ -106,117 +32,60 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
|
|||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
|
||||
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
|
||||
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
|
||||
github.com/coredns/caddy v1.1.0 h1:ezvsPrT/tA/7pYDBZxu0cT0VmWk75AfIaf6GSYCNMf0=
|
||||
github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4=
|
||||
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
|
||||
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5tgDm3YN7+9dYrpK96E5wFilTFWIDZOM=
|
||||
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/go-systemd/v22 v22.3.1 h1:7OO2CXWMYNDdaAzP51t4lCCZWwpQHmvPbm9sxWjm3So=
|
||||
github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
|
||||
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
|
||||
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
|
||||
github.com/dnstap/golang-dnstap v0.4.0 h1:KRHBoURygdGtBjDI2w4HifJfMAhhOqDuktAokaSa234=
|
||||
github.com/dnstap/golang-dnstap v0.4.0/go.mod h1:FqsSdH58NAmkAvKcpyxht7i4FoBjKu8E4JUPt8ipSUs=
|
||||
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
|
||||
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
|
||||
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
|
||||
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
|
||||
github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
|
||||
github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
|
||||
github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
|
||||
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
|
||||
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
|
||||
github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
|
||||
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
|
||||
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
|
||||
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
|
||||
github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
|
||||
github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/farsightsec/golang-framestream v0.3.0 h1:/spFQHucTle/ZIPkYqrfshQqPe2VQEzesH243TjIwqA=
|
||||
github.com/farsightsec/golang-framestream v0.3.0/go.mod h1:eNde4IQyEiA5br02AouhEHCu3p3UzrCdFR4LuQHklMI=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
|
||||
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
|
||||
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
|
||||
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
|
||||
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
|
||||
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
|
||||
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
|
||||
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
|
||||
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
|
||||
github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
|
||||
github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
|
||||
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
|
||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
|
||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
||||
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
|
||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
|
||||
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
|
||||
github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
|
||||
github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
|
||||
github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
|
||||
github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
|
||||
github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
|
||||
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
|
||||
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
|
||||
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
|
||||
|
@ -226,7 +95,6 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
|
|||
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
|
||||
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
|
||||
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
||||
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
|
||||
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
|
||||
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
||||
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||
|
@ -236,53 +104,23 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
|
|||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
|
||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
|
||||
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
|
||||
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
|
||||
github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
|
||||
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
|
||||
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
|
||||
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
|
||||
github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
|
||||
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
|
||||
github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
|
||||
github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
|
||||
github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
|
||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
|
||||
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
|
||||
github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyycI+I=
|
||||
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
|
||||
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
|
||||
github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
|
||||
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
|
||||
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
|
||||
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
|
||||
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
|
||||
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU=
|
||||
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw=
|
||||
github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
|
||||
|
@ -301,60 +139,37 @@ github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
|
|||
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
|
||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
|
||||
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
|
||||
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
||||
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
|
||||
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
|
||||
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
|
||||
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
|
||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
|
||||
github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU=
|
||||
github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
|
||||
github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9 h1:w66aaP3c6SIQ0pi3QH1Tb4AMO3aWoEPxd1CNvLphbkA=
|
||||
github.com/infobloxopen/go-trees v0.0.0-20200715205103-96a057b8dfb9/go.mod h1:BaIJzjD2ZnHmx2acPF6XfGLPzNCMiBbMRqJr+8/8uRI=
|
||||
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
|
||||
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
|
||||
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
|
||||
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
|
||||
github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
|
||||
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
|
||||
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
|
||||
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
|
||||
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
|
||||
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
|
||||
github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
|
||||
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
|
||||
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
|
||||
|
@ -367,24 +182,17 @@ github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY=
|
|||
github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
|
||||
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||
github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
|
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
|
||||
github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
|
||||
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
|
||||
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
|
||||
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
|
||||
github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
|
||||
github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
|
||||
github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
|
||||
|
@ -392,46 +200,31 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
|
|||
github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
|
||||
github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
|
||||
github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
|
||||
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||
github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
|
||||
github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
|
||||
github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
|
||||
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
|
||||
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
|
||||
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||
github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
|
||||
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
|
||||
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 h1:lM6RxxfUMrYL/f8bWEUqdXrANWtrL7Nndbm9iFN0DlU=
|
||||
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
|
||||
github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
|
||||
github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
|
||||
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
|
||||
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
|
||||
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
|
||||
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5 h1:ZCnq+JUrvXcDVhX/xRolRBZifmabN1HcS1wrPSvxhrU=
|
||||
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
|
||||
github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
|
||||
github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
|
||||
github.com/openzipkin/zipkin-go v0.2.2 h1:nY8Hti+WKaP0cRsSeQ026wU03QsM762XBeCXBb9NAWI=
|
||||
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
|
||||
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
|
||||
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
|
||||
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
|
||||
github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ=
|
||||
github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
|
||||
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
|
||||
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
|
||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
|
@ -441,7 +234,6 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
|
|||
github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
|
||||
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
|
||||
github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
|
||||
github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
|
||||
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
|
||||
github.com/prometheus/client_golang v1.10.0 h1:/o0BDeWzLWXNZ+4q5gXltUvaMpJqckTa+jTNoB+z4cg=
|
||||
github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU=
|
||||
|
@ -455,11 +247,10 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
|
|||
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
|
||||
github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
|
||||
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
|
||||
github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
|
||||
github.com/prometheus/common v0.25.0 h1:IjJYZJCI8HZYtqA3xYwGyDzSCy1r4CA2GRh+4vdOmtE=
|
||||
github.com/prometheus/common v0.25.0/go.mod h1:H6QK/N6XVT42whUeIdI3dp36w49c+/iMDk7UAI2qm7Q=
|
||||
github.com/prometheus/common v0.24.0 h1:aIycr3wRFxPUq8XlLQlGQ9aNXV3dFi5y62pe/SB262k=
|
||||
github.com/prometheus/common v0.24.0/go.mod h1:H6QK/N6XVT42whUeIdI3dp36w49c+/iMDk7UAI2qm7Q=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
|
@ -469,7 +260,6 @@ github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3x
|
|||
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
|
||||
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
|
||||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
|
@ -483,117 +273,52 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
|
|||
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
||||
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
|
||||
github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
|
||||
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
|
||||
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
|
||||
github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
|
||||
github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
|
||||
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/tinylib/msgp v1.1.2 h1:gWmO7n0Ys2RBEb7GPYB9Ujq8Mk5p2U08lRnmMcGy6BQ=
|
||||
github.com/tinylib/msgp v1.1.2/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
|
||||
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
|
||||
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0=
|
||||
go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
|
||||
go.etcd.io/etcd/api/v3 v3.5.0-beta.3 h1:FdNjTxZpH98oWWTtOjhz0EU7sILw9giVIW+M3dzZFOg=
|
||||
go.etcd.io/etcd/api/v3 v3.5.0-beta.3/go.mod h1:yF0YUmBghT48aC0/eTFrhULo+uKQAr5spQQ6sRhPauE=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3 h1:fh2cSzLD4OeGVy164WtilS9hAQYmQ2BC6Fh/akRR1b0=
|
||||
go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.3/go.mod h1:a+pbz+UrcOpvve1Qxf6tGovi15PjgtRhi0QTO2Nlc4U=
|
||||
go.etcd.io/etcd/client/v3 v3.5.0-beta.3 h1:r88iXU/blpfMu7FMSvhEZJPT/5IROselyNnlR2XCYA8=
|
||||
go.etcd.io/etcd/client/v3 v3.5.0-beta.3/go.mod h1:vWjHXU+j44Z92kL/WjCMh8sXV5J4Sk2e6cjYK9y6Yz8=
|
||||
go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
|
||||
go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
|
||||
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
|
||||
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
||||
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
|
||||
go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
|
||||
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
|
||||
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
|
||||
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
|
||||
go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
|
||||
go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
|
||||
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
|
||||
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
|
||||
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
|
||||
go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
|
||||
go.uber.org/zap v1.16.1-0.20210329175301-c23abee72d19 h1:040c3dLNhgFQkoojH2AMpHCy4SrvhmxdU72d9GLGGE0=
|
||||
go.uber.org/zap v1.16.1-0.20210329175301-c23abee72d19/go.mod h1:aMfIlz3TDBfB0BwTCKFU1XbEmj9zevr5S5LcBr85MXw=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||
golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
|
||||
golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
|
||||
golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
|
||||
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
|
||||
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
|
||||
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
|
||||
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
|
||||
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
|
||||
golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
|
||||
golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
|
||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
|
@ -606,63 +331,23 @@ golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73r
|
|||
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
||||
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420 h1:a8jGStKg0XqKDlKqjLrXn0ioF5MH36pT7Z0BRTqLhbk=
|
||||
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI=
|
||||
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
|
@ -675,243 +360,75 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h
|
|||
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57 h1:F5Gozwx4I1xtr/sr/8CFbb57iKi3297KFs0QDbGN60A=
|
||||
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 h1:hZR0X1kPW+nwyJ9xRxqZk1vx5RUObAPBdKVvXPDUH/E=
|
||||
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
|
||||
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.4 h1:0YWbFKbhXG/wIiuHDSKpS0Iy7FSA+u45VtBMfQcFTTc=
|
||||
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE=
|
||||
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
|
||||
golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
|
||||
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
|
||||
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
|
||||
golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
|
||||
golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
|
||||
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
|
||||
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
|
||||
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
|
||||
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
|
||||
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
|
||||
google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
|
||||
google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
|
||||
google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
|
||||
google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
|
||||
google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
|
||||
google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
|
||||
google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
|
||||
google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
|
||||
google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
|
||||
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
|
||||
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
|
||||
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
|
||||
google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
|
||||
google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
|
||||
google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
|
||||
google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
|
||||
google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
|
||||
google.golang.org/api v0.47.0 h1:sQLWZQvP6jPGIP4JGPkJu4zHswrv81iobiyszr3b/0I=
|
||||
google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
|
||||
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
||||
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
||||
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
|
||||
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
|
||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||
google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
|
||||
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
|
||||
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
|
||||
google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
|
||||
google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
|
||||
google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
|
||||
google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
|
||||
google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
|
||||
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY=
|
||||
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
|
||||
google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
|
||||
google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
|
||||
google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
|
||||
google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384 h1:z+j74wi4yV+P7EtK9gPLGukOk7mFOy9wMQaC0wNb7eY=
|
||||
google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
|
||||
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
|
||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||
google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
|
||||
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
|
||||
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
|
||||
google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||
google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
|
||||
google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
|
||||
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
|
||||
google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
|
||||
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
|
||||
google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
|
||||
google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
|
||||
google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
|
||||
google.golang.org/grpc v1.37.1 h1:ARnQJNWxGyYJpdf/JXscNlQr/uv607ZPU9Z7ogHi+iI=
|
||||
google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
|
||||
google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0=
|
||||
google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
|
||||
|
@ -920,73 +437,32 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
|
|||
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
|
||||
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
|
||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
||||
google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
|
||||
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
|
||||
gopkg.in/DataDog/dd-trace-go.v1 v1.28.0 h1:EmglUJuykRsTwsQDcKaAo3CmOunWU6Dqk7U2lo7Pjss=
|
||||
gopkg.in/DataDog/dd-trace-go.v1 v1.28.0/go.mod h1:Sp1lku8WJMvNV0kjDI4Ni/T7J/U3BO5ct5kEaoVU8+I=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
|
||||
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
|
||||
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
|
||||
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
|
||||
gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
|
||||
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
|
||||
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
|
||||
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||
gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
|
||||
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
|
||||
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
k8s.io/api v0.21.1 h1:94bbZ5NTjdINJEdzOkpS4vdPhkb1VFpTYC9zh43f75c=
|
||||
k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s=
|
||||
k8s.io/apimachinery v0.21.1 h1:Q6XuHGlj2xc+hlMCvqyYfbv3H7SRGn2c8NycxJquDVs=
|
||||
k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY=
|
||||
k8s.io/client-go v0.21.1 h1:bhblWYLZKUu+pm50plvQF8WpY6TXdRRtcS/K9WauOj4=
|
||||
k8s.io/client-go v0.21.1/go.mod h1:/kEw4RgW+3xnBGzvp9IWxKSNA+lXn3A7AuH3gdOAzLs=
|
||||
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
|
||||
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
|
||||
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
|
||||
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
|
||||
k8s.io/klog/v2 v2.8.0 h1:Q3gmuM9hKEjefWFFYF0Mat+YyFJvsUyYuwyNNJ5C9Ts=
|
||||
k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
|
||||
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 h1:vEx13qjvaZ4yfObSSXW7BrMc/KQBBT/Jyee8XtLf4x0=
|
||||
k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE=
|
||||
k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
|
||||
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
|
||||
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.0 h1:C4r9BgJ98vrKnnVCjwCSXcWjWe0NKcUQkmzDXZXGwH8=
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
|
||||
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
|
||||
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
|
||||
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
|
||||
sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
|
||||
|
|
|
@ -1,135 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ACL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIacl\fP - enforces access control policies on source ip and prevents unauthorized access to DNS servers.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fB\fCacl\fR enabled, users are able to block or filter suspicious DNS queries by configuring IP filter rule sets, i.e. allowing authorized queries to recurse or blocking unauthorized queries.
|
||||
|
||||
.PP
|
||||
This plugin can be used multiple times per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
acl [ZONES...] {
|
||||
ACTION [type QTYPE...] [net SOURCE...]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block are used.
|
||||
.IP \(bu 4
|
||||
\fBACTION\fP (\fIallow\fP, \fIblock\fP, or \fIfilter\fP) defines the way to deal with DNS queries matched by this rule. The default action is \fIallow\fP, which means a DNS query not matched by any rules will be allowed to recurse. The difference between \fIblock\fP and \fIfilter\fP is that block returns status code of \fIREFUSED\fP while filter returns an empty set \fINOERROR\fP
|
||||
.IP \(bu 4
|
||||
\fBQTYPE\fP is the query type to match for the requests to be allowed or blocked. Common resource record types are supported. \fB\fC*\fR stands for all record types. The default behavior for an omitted \fB\fCtype QTYPE...\fR is to match all kinds of DNS queries (same as \fB\fCtype *\fR).
|
||||
.IP \(bu 4
|
||||
\fBSOURCE\fP is the source IP address to match for the requests to be allowed or blocked. Typical CIDR notation and single IP address are supported. \fB\fC*\fR stands for all possible source IP addresses.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
To demonstrate the usage of plugin acl, here we provide some typical examples.
|
||||
|
||||
.PP
|
||||
Block all DNS queries with record type A from 192.168.0.0/16:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
acl {
|
||||
block type A net 192.168.0.0/16
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Filter all DNS queries with record type A from 192.168.0.0/16:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
acl {
|
||||
filter type A net 192.168.0.0/16
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Block all DNS queries from 192.168.0.0/16 except for 192.168.1.0/24:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
acl {
|
||||
allow net 192.168.1.0/24
|
||||
block net 192.168.0.0/16
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Allow only DNS queries from 192.168.0.0/24 and 192.168.1.0/24:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
acl {
|
||||
allow net 192.168.0.0/24 192.168.1.0/24
|
||||
block
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Block all DNS queries from 192.168.1.0/24 towards a.example.org:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
acl a.example.org {
|
||||
block net 192.168.1.0/24
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_acl_blocked_requests_total{server, zone}\fR - counter of DNS requests being blocked.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_acl_allowed_requests_total{server}\fR - counter of DNS requests being allowed.
|
||||
|
||||
|
||||
.PP
|
||||
The \fB\fCserver\fR and \fB\fCzone\fR labels are explained in the \fImetrics\fP plugin documentation.
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ANY" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIany\fP - gives a minimal response to ANY queries.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fIany\fP basically blocks ANY queries by responding to them with a short HINFO reply. See RFC
|
||||
8482
|
||||
\[la]https://tools.ietf.org/html/rfc8482\[ra] for details.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
any
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
any
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
A \fB\fCdig +nocmd ANY example.org +noall +answer\fR now returns:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org. 8482 IN HINFO "ANY obsoleted" "See RFC 8482"
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
RFC 8482
|
||||
\[la]https://tools.ietf.org/html/rfc8482\[ra].
|
||||
|
|
@ -1,112 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-AUTO" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIauto\fP - enables serving zone data from an RFC 1035-style master file, which is automatically picked up from disk.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIauto\fP plugin is used for an "old-style" DNS server. It serves from a preloaded file that exists
|
||||
on disk. If the zone file contains signatures (i.e. is signed, i.e. using DNSSEC) correct DNSSEC answers
|
||||
are returned. Only NSEC is supported! If you use this setup \fIyou\fP are responsible for re-signing the
|
||||
zonefile. New or changed zones are automatically picked up from disk only when SOA's serial changes. If the zones are not updated via a zone transfer, the serial must be manually changed.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
auto [ZONES...] {
|
||||
directory DIR [REGEXP ORIGIN\_TEMPLATE]
|
||||
reload DURATION
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block
|
||||
are used.
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCdirectory\fR loads zones from the specified \fBDIR\fP. If a file name matches \fBREGEXP\fP it will be
|
||||
used to extract the origin. \fBORIGIN_TEMPLATE\fP will be used as a template for the origin. Strings
|
||||
like \fB\fC{<number>}\fR are replaced with the respective matches in the file name, e.g. \fB\fC{1}\fR is the
|
||||
first match, \fB\fC{2}\fR is the second. The default is: \fB\fCdb\.(.*) {1}\fR i.e. from a file with the
|
||||
name \fB\fCdb.example.com\fR, the extracted origin will be \fB\fCexample.com\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCreload\fR interval to perform reloads of zones if SOA version changes and zonefiles. It specifies how often CoreDNS should scan the directory to watch for file removal and addition. Default is one minute.
|
||||
Value of \fB\fC0\fR means to not scan for changes and reload. eg. \fB\fC30s\fR checks zonefile every 30 seconds
|
||||
and reloads zone when serial changes.
|
||||
|
||||
|
||||
.PP
|
||||
For enabling zone transfers look at the \fItransfer\fP plugin.
|
||||
|
||||
.PP
|
||||
All directives from the \fIfile\fP plugin are supported. Note that \fIauto\fP will load all zones found,
|
||||
even though the directive might only receive queries for a specific zone. I.e:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
auto example.org {
|
||||
directory /etc/coredns/zones
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Will happily pick up a zone for \fB\fCexample.COM\fR, except it will never be queried, because the \fIauto\fP
|
||||
directive only is authoritative for \fB\fCexample.ORG\fR.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Load \fB\fCorg\fR domains from \fB\fC/etc/coredns/zones/org\fR and allow transfers to the internet, but send
|
||||
notifies to 10.240.1.1
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
org {
|
||||
auto {
|
||||
directory /etc/coredns/zones/org
|
||||
}
|
||||
transfer {
|
||||
to *
|
||||
to 10.240.1.1
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load \fB\fCorg\fR domains from \fB\fC/etc/coredns/zones/org\fR and looks for file names as \fB\fCwww.db.example.org\fR,
|
||||
where \fB\fCexample.org\fR is the origin. Scan every 45 seconds.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
org {
|
||||
auto {
|
||||
directory /etc/coredns/zones/org www\\.db\\.(.*) {1}
|
||||
reload 45s
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "ALSO"
|
||||
.PP
|
||||
Use the \fIroot\fP plugin to help you specify the location of the zone files. See the \fItransfer\fP plugin
|
||||
to enable outgoing zone transfers.
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-AUTOPATH" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIautopath\fP - allows for server-side search path completion.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
If the \fIautopath\fP plugin sees a query that matches the first element of the configured search path, it will
|
||||
follow the chain of search path elements and return the first reply that is not NXDOMAIN. On any
|
||||
failures, the original reply is returned. Because \fIautopath\fP returns a reply for a name that wasn't
|
||||
the original question, it will add a CNAME that points from the original name (with the search path
|
||||
element in it) to the name of this answer.
|
||||
|
||||
.PP
|
||||
\fBNote\fP: There are several known issues, see the "Bugs" section below.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
autopath [ZONE...] RESOLV\-CONF
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones \fIautopath\fP should be authoritative for.
|
||||
.IP \(bu 4
|
||||
\fBRESOLV-CONF\fP points to a \fB\fCresolv.conf\fR like file or uses a special syntax to point to another
|
||||
plugin. For instance \fB\fC@kubernetes\fR, will call out to the kubernetes plugin (for each
|
||||
query) to retrieve the search list it should use.
|
||||
|
||||
|
||||
.PP
|
||||
If a plugin implements the \fB\fCAutoPather\fR interface then it can be used by \fIautopath\fP.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric is exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_autopath_success_total{server}\fR - counter of successfully autopath-ed queries.
|
||||
|
||||
|
||||
.PP
|
||||
The \fB\fCserver\fR label is explained in the \fImetrics\fP plugin documentation.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
autopath my\-resolv.conf
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Use \fB\fCmy-resolv.conf\fR as the file to get the search path from. This file only needs to have one line:
|
||||
\fB\fCsearch domain1 domain2 ...\fR
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
autopath @kubernetes
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Use the search path dynamically retrieved from the \fIkubernetes\fP plugin.
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
In Kubernetes, \fIautopath\fP can derive the wrong namespace of a client Pod (and therefore wrong search
|
||||
path) in the following case. To properly build the search path of a client \fIautopath\fP needs to know
|
||||
the namespace of the a Pod making a DNS request. To do this, it relies on the \fIkubernetes\fP plugin's
|
||||
Pod cache to resolve the client's IP address to a Pod. The Pod cache is maintained by an API watch
|
||||
on Pods. When Pod IP assignments change, the Kubernetes API notifies CoreDNS via the API watch.
|
||||
However, that notification is not instantaneous. In the case that a Pod is deleted, and it's IP is
|
||||
immediately provisioned to a Pod in another namespace, and that new Pod make a DNS lookup \fIbefore\fP
|
||||
the API watch can notify CoreDNS of the change, \fIautopath\fP will resolve the IP to the previous Pod's
|
||||
namespace.
|
||||
|
||||
.PP
|
||||
In Kubernetes, \fIautopath\fP is not compatible with Pods running from Windows nodes.
|
||||
|
||||
.PP
|
||||
If the server side search ultimately results in a negative answer (e.g. \fB\fCNXDOMAIN\fR), then the client
|
||||
will fruitlessly search all paths manually, thus negating the \fIautopath\fP optimization.
|
||||
|
|
@ -1,74 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-AZURE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIazure\fP - enables serving zone data from Microsoft Azure DNS service.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The azure plugin is useful for serving zones from Microsoft Azure DNS. The \fIazure\fP plugin supports
|
||||
all the DNS records supported by Azure, viz. A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT
|
||||
record types. NS record type is not supported by azure private DNS.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
azure RESOURCE\_GROUP:ZONE... {
|
||||
tenant TENANT\_ID
|
||||
client CLIENT\_ID
|
||||
secret CLIENT\_SECRET
|
||||
subscription SUBSCRIPTION\_ID
|
||||
environment ENVIRONMENT
|
||||
fallthrough [ZONES...]
|
||||
access private
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBRESOURCE_GROUP:ZONE\fP is the resource group to which the hosted zones belongs on Azure,
|
||||
and \fBZONE\fP the zone that contains data.
|
||||
.IP \(bu 4
|
||||
\fBCLIENT_ID\fP and \fBCLIENT_SECRET\fP are the credentials for Azure, and \fB\fCtenant\fR specifies the
|
||||
\fBTENANT_ID\fP to be used. \fBSUBSCRIPTION_ID\fP is the subscription ID. All of these are needed
|
||||
to access the data in Azure.
|
||||
.IP \(bu 4
|
||||
\fB\fCenvironment\fR specifies the Azure \fBENVIRONMENT\fP.
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR If zone matches and no record can be generated, pass request to the next plugin.
|
||||
If \fBZONES\fP is omitted, then fallthrough happens for all zones for which the plugin is
|
||||
authoritative.
|
||||
.IP \(bu 4
|
||||
\fB\fCaccess\fR specifies if the zone is \fB\fCpublic\fR or \fB\fCprivate\fR. Default is \fB\fCpublic\fR.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable the \fIazure\fP plugin with Azure credentials for private zones \fB\fCexample.org\fR, \fB\fCexample.private\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
azure resource\_group\_foo:example.org resource\_group\_foo:example.private {
|
||||
tenant 123abc\-123abc\-123abc\-123abc
|
||||
client 123abc\-123abc\-123abc\-234xyz
|
||||
subscription 123abc\-123abc\-123abc\-563abc
|
||||
secret mysecret
|
||||
access private
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The Azure DNS Overview
|
||||
\[la]https://docs.microsoft.com/en-us/azure/dns/dns-overview\[ra].
|
||||
|
|
@ -1,119 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-BIND" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIbind\fP - overrides the host to which the server should bind.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Normally, the listener binds to the wildcard host. However, you may want the listener to bind to
|
||||
another IP instead.
|
||||
|
||||
.PP
|
||||
If several addresses are provided, a listener will be open on each of the IP provided.
|
||||
|
||||
.PP
|
||||
Each address has to be an IP or name of one of the interfaces of the host. Bind by interface name, binds to the IPs on that interface at the time of startup or reload (reload will happen with a SIGHUP or if the config file changes).
|
||||
|
||||
.PP
|
||||
If the given argument is an interface name, and that interface has serveral IP addresses, CoreDNS will listen on all of the interface IP addresses (including IPv4 and IPv6).
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
bind ADDRESS ...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fBADDRESS\fP is an IP address to bind to.
|
||||
When several addresses are provided a listener will be opened on each of the addresses.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
To make your socket accessible only to that machine, bind to IP 127.0.0.1 (localhost):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bind 127.0.0.1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
To allow processing DNS requests only local host on both IPv4 and IPv6 stacks, use the syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bind 127.0.0.1 ::1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If the configuration comes up with several \fIbind\fP plugins, all addresses are consolidated together:
|
||||
The following sample is equivalent to the preceding:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bind 127.0.0.1
|
||||
bind ::1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The following server block, binds on localhost with its interface name (both "127.0.0.1" and "::1"):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bind lo
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
When defining more than one server block, take care not to bind more than one server to the same
|
||||
address and port. Doing so will result in unpredictable behavior (requests may be randomly
|
||||
served by either server). Keep in mind that \fIwithout\fP the \fIbind\fP plugin, a server will bind to all
|
||||
interfaces, and this will collide with another server if it's using \fIbind\fP to listen to an interface
|
||||
on the same port. For example, the following creates two servers that both listen on 127.0.0.1:53,
|
||||
which would result in unpredictable behavior for queries in \fB\fCa.bad.example.com\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
a.bad.example.com {
|
||||
bind 127.0.0.1
|
||||
forward . 1.2.3.4
|
||||
}
|
||||
|
||||
bad.example.com {
|
||||
forward . 5.6.7.8
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-BUFSIZE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIbufsize\fP - sizes EDNS0 buffer size to prevent IP fragmentation.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fIbufsize\fP limits a requester's UDP payload size.
|
||||
It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
bufsize [SIZE]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fB[SIZE]\fP is an int value for setting the buffer size.
|
||||
The default value is 512, and the value must be within 512 - 4096.
|
||||
Only one argument is acceptable, and it covers both IPv4 and IPv6.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable limiting the buffer size of outgoing query to the resolver (172.31.0.10):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bufsize 512
|
||||
forward . 172.31.0.10
|
||||
log
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable limiting the buffer size as an authoritative nameserver:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
bufsize 512
|
||||
file db.example.org
|
||||
log
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "CONSIDERATIONS"
|
||||
.IP \(bu 4
|
||||
Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
|
||||
.IP \(bu 4
|
||||
For now, if a client does not use EDNS, this plugin adds OPT RR.
|
||||
|
||||
|
|
@ -1,165 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-CACHE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIcache\fP - enables a frontend cache.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fIcache\fP enabled, all records except zone transfers and metadata records will be cached for up to
|
||||
3600s. Caching is mostly useful in a scenario when fetching data from the backend (upstream,
|
||||
database, etc.) is expensive.
|
||||
|
||||
.PP
|
||||
\fICache\fP will change the query to enable DNSSEC (DNSSEC OK; DO) if it passes through the plugin. If
|
||||
the client didn't request any DNSSEC (records), these are filtered out when replying.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cache [TTL] [ZONES...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBTTL\fP max TTL in seconds. If not specified, the maximum TTL will be used, which is 3600 for
|
||||
NOERROR responses and 1800 for denial of existence ones.
|
||||
Setting a TTL of 300: \fB\fCcache 300\fR would cache records up to 300 seconds.
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should cache for. If empty, the zones from the configuration block are used.
|
||||
|
||||
|
||||
.PP
|
||||
Each element in the cache is cached according to its TTL (with \fBTTL\fP as the max).
|
||||
A cache is divided into 256 shards, each holding up to 39 items by default - for a total size
|
||||
of 256 * 39 = 9984 items.
|
||||
|
||||
.PP
|
||||
If you want more control:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cache [TTL] [ZONES...] {
|
||||
success CAPACITY [TTL] [MINTTL]
|
||||
denial CAPACITY [TTL] [MINTTL]
|
||||
prefetch AMOUNT [[DURATION] [PERCENTAGE%]]
|
||||
serve\_stale [DURATION]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBTTL\fP and \fBZONES\fP as above.
|
||||
.IP \(bu 4
|
||||
\fB\fCsuccess\fR, override the settings for caching successful responses. \fBCAPACITY\fP indicates the maximum
|
||||
number of packets we cache before we start evicting (\fIrandomly\fP). \fBTTL\fP overrides the cache maximum TTL.
|
||||
\fBMINTTL\fP overrides the cache minimum TTL (default 5), which can be useful to limit queries to the backend.
|
||||
.IP \(bu 4
|
||||
\fB\fCdenial\fR, override the settings for caching denial of existence responses. \fBCAPACITY\fP indicates the maximum
|
||||
number of packets we cache before we start evicting (LRU). \fBTTL\fP overrides the cache maximum TTL.
|
||||
\fBMINTTL\fP overrides the cache minimum TTL (default 5), which can be useful to limit queries to the backend.
|
||||
There is a third category (\fB\fCerror\fR) but those responses are never cached.
|
||||
.IP \(bu 4
|
||||
\fB\fCprefetch\fR will prefetch popular items when they are about to be expunged from the cache.
|
||||
Popular means \fBAMOUNT\fP queries have been seen with no gaps of \fBDURATION\fP or more between them.
|
||||
\fBDURATION\fP defaults to 1m. Prefetching will happen when the TTL drops below \fBPERCENTAGE\fP,
|
||||
which defaults to \fB\fC10%\fR, or latest 1 second before TTL expiration. Values should be in the range \fB\fC[10%, 90%]\fR.
|
||||
Note the percent sign is mandatory. \fBPERCENTAGE\fP is treated as an \fB\fCint\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCserve_stale\fR, when serve_stale is set, cache always will serve an expired entry to a client if there is one
|
||||
available. When this happens, cache will attempt to refresh the cache entry after sending the expired cache
|
||||
entry to the client. The responses have a TTL of 0. \fBDURATION\fP is how far back to consider
|
||||
stale responses as fresh. The default duration is 1h.
|
||||
|
||||
|
||||
.SH "CAPACITY AND EVICTION"
|
||||
.PP
|
||||
If \fBCAPACITY\fP \fIis not\fP specified, the default cache size is 9984 per cache. The minimum allowed cache size is 1024.
|
||||
If \fBCAPACITY\fP \fIis\fP specified, the actual cache size used will be rounded down to the nearest number divisible by 256 (so all shards are equal in size).
|
||||
|
||||
.PP
|
||||
Eviction is done per shard. In effect, when a shard reaches capacity, items are evicted from that shard.
|
||||
Since shards don't fill up perfectly evenly, evictions will occur before the entire cache reaches full capacity.
|
||||
Each shard capacity is equal to the total cache size / number of shards (256). Eviction is random, not TTL based.
|
||||
Entries with 0 TTL will remain in the cache until randomly evicted when the shard reaches capacity.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_entries{server, type}\fR - Total elements in the cache by cache type.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_hits_total{server, type}\fR - Counter of cache hits by cache type.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_misses_total{server}\fR - Counter of cache misses.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_prefetch_total{server}\fR - Counter of times the cache has prefetched a cached item.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_drops_total{server}\fR - Counter of responses excluded from the cache due to request/response question name mismatch.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_cache_served_stale_total{server}\fR - Counter of requests served from stale cache entries.
|
||||
|
||||
|
||||
.PP
|
||||
Cache types are either "denial" or "success". \fB\fCServer\fR is the server handling the request, see the
|
||||
prometheus plugin for documentation.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable caching for all zones, but cap everything to a TTL of 10 seconds:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
cache 10
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Proxy to Google Public DNS and only cache responses for example.org (or below).
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8:53
|
||||
cache example.org
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable caching for \fB\fCexample.org\fR, keep a positive cache size of 5000 and a negative cache size of 2500:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
cache {
|
||||
success 5000
|
||||
denial 2500
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-CANCEL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIcancel\fP - cancels a request's context after 5001 milliseconds.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIcancel\fP plugin creates a canceling context for each request. It adds a timeout that gets
|
||||
triggered after 5001 milliseconds.
|
||||
|
||||
.PP
|
||||
The 5001 number was chosen because the default timeout for DNS clients is 5 seconds, after that they
|
||||
give up.
|
||||
|
||||
.PP
|
||||
A plugin interested in the cancellation status should call \fB\fCplugin.Done()\fR on the context. If the
|
||||
context was canceled due to a timeout the plugin should not write anything back to the client and
|
||||
return a value indicating CoreDNS should not either; a zero return value should suffice for that.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cancel [TIMEOUT]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBTIMEOUT\fP allows setting a custom timeout. The default timeout is 5001 milliseconds (\fB\fC5001 ms\fR)
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
cancel
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or with a custom timeout:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
cancel 1s
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The Go documentation for the context package.
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-CHAOS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIchaos\fP - allows for responding to TXT queries in the CH class.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This is useful for retrieving version or author information from the server by querying a TXT record
|
||||
for a special domain name in the CH class.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
chaos [VERSION] [AUTHORS...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBVERSION\fP is the version to return. Defaults to \fB\fCCoreDNS-<version>\fR, if not set.
|
||||
.IP \(bu 4
|
||||
\fBAUTHORS\fP is what authors to return. This defaults to all GitHub handles in the OWNERS files.
|
||||
|
||||
|
||||
.PP
|
||||
Note that you have to make sure that this plugin will get actual queries for the
|
||||
following zones: \fB\fCversion.bind\fR, \fB\fCversion.server\fR, \fB\fCauthors.bind\fR, \fB\fChostname.bind\fR and
|
||||
\fB\fCid.server\fR.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Specify all the zones in full.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
version.bind version.server authors.bind hostname.bind id.server {
|
||||
chaos CoreDNS\-001 info@coredns.io
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or just default to \fB\fC.\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
chaos CoreDNS\-001 info@coredns.io
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
And test with \fB\fCdig\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig @localhost CH TXT version.bind
|
||||
\&...
|
||||
;; ANSWER SECTION:
|
||||
version.bind. 0 CH TXT "CoreDNS\-001"
|
||||
\&...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,96 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-CLOUDDNS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIclouddns\fP - enables serving zone data from GCP Cloud DNS.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIclouddns\fP plugin is useful for serving zones from resource record
|
||||
sets in GCP Cloud DNS. This plugin supports all Google Cloud DNS
|
||||
records
|
||||
\[la]https://cloud.google.com/dns/docs/overview#supported_dns_record_types\[ra]. This plugin can
|
||||
be used when CoreDNS is deployed on GCP or elsewhere. Note that this plugin accesses the resource
|
||||
records through the Google Cloud API. For records in a privately hosted zone, it is not necessary to
|
||||
place CoreDNS and this plugin in the associated VPC network. In fact the private hosted zone could
|
||||
be created without any associated VPC and this plugin could still access the resource records under
|
||||
the hosted zone.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
clouddns [ZONE:PROJECT\_ID:HOSTED\_ZONE\_NAME...] {
|
||||
credentials [FILENAME]
|
||||
fallthrough [ZONES...]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONE\fP the name of the domain to be accessed. When there are multiple zones with overlapping
|
||||
domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
|
||||
Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
|
||||
.IP \(bu 4
|
||||
\fBPROJECT_ID\fP the project ID of the Google Cloud project.
|
||||
.IP \(bu 4
|
||||
\fBHOSTED_ZONE_NAME\fP the name of the hosted zone that contains the resource record sets to be
|
||||
accessed.
|
||||
.IP \(bu 4
|
||||
\fB\fCcredentials\fR is used for reading the credential file from \fBFILENAME\fP (normally a .json file).
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR If zone matches and no record can be generated, pass request to the next plugin.
|
||||
If \fB[ZONES...]\fP is omitted, then fallthrough happens for all zones for which the plugin is
|
||||
authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then
|
||||
only queries for those zones will be subject to fallthrough.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable clouddns with implicit GCP credentials and resolve CNAMEs via 10.0.0.1:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
clouddns example.org.:gcp\-example\-project:example\-zone
|
||||
forward . 10.0.0.1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable clouddns with fallthrough:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
clouddns example.org.:gcp\-example\-project:example\-zone example.com.:gcp\-example\-project:example\-zone\-2 {
|
||||
fallthrough example.gov.
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable clouddns with multiple hosted zones with the same domain:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
clouddns example.org.:gcp\-example\-project:example\-zone example.com.:gcp\-example\-project:other\-example\-zone
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-DEBUG" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIdebug\fP - disables the automatic recovery upon a crash so that you'll get a nice stack trace.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Normally CoreDNS will recover from panics; using \fIdebug\fP inhibits this. The main use of \fIdebug\fP is
|
||||
to help in testing. A side effect of using \fIdebug\fP is that \fB\fClog.Debug\fR and \fB\fClog.Debugf\fR messages
|
||||
will be printed to standard output.
|
||||
|
||||
.PP
|
||||
Note that the \fIerrors\fP plugin (if loaded) will also set a \fB\fCrecover\fR, negating this setting.
|
||||
|
||||
.PP
|
||||
Enabling this plugin is process-wide: enabling \fIdebug\fP in at least one server block enables
|
||||
debug mode globally.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
debug
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Some plugins will send debug log DNS messages. This is done in the following format:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
debug: 000000 00 0a 01 00 00 01 00 00 00 00 00 01 07 65 78 61
|
||||
debug: 000010 6d 70 6c 65 05 6c 6f 63 61 6c 00 00 01 00 01 00
|
||||
debug: 000020 00 29 10 00 00 00 80 00 00 00
|
||||
debug: 00002a
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Using \fB\fCtext2pcap\fR (part of Wireshark), this can be converted back to binary, with the following
|
||||
command line: \fB\fCtext2pcap -i 17 -u 53,53\fR, where 17 is the protocol (UDP) and 53 are the ports. These
|
||||
ports allow Wireshark to detect these packets as DNS messages.
|
||||
|
||||
.PP
|
||||
Each plugin can decide whether to dump messages to aid in debugging.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Disable the ability to recover from crashes and show debug logging:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
debug
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
https://www.wireshark.org/docs/man-pages/text2pcap.html
|
||||
\[la]https://www.wireshark.org/docs/man-pages/text2pcap.html\[ra].
|
||||
|
|
@ -1,144 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-DNS64" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIdns64\fP - enables DNS64 IPv6 transition mechanism.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIdns64\fP plugin will when asked for a domain's AAAA records, but only finds A records,
|
||||
synthesizes the AAAA records from the A records.
|
||||
|
||||
.PP
|
||||
The synthesis is \fIonly\fP performed \fBif the query came in via IPv6\fP.
|
||||
|
||||
.PP
|
||||
This translation is for IPv6-only networks that have NAT64
|
||||
\[la]https://en.wikipedia.org/wiki/NAT64\[ra].
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dns64 [PREFIX]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBPREFIX\fP defines a custom prefix instead of the default \fB\fC64:ff9b::/96\fR.
|
||||
|
||||
|
||||
.PP
|
||||
Or use this slightly longer form with more options:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dns64 [PREFIX] {
|
||||
[translate\_all]
|
||||
prefix PREFIX
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCprefix\fR specifies any local IPv6 prefix to use, instead of the well known prefix (64:ff9b::/96)
|
||||
.IP \(bu 4
|
||||
\fB\fCtranslate_all\fR translates all queries, including responses that have AAAA results.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Translate with the default well known prefix. Applies to all queries (if they came in over IPv6).
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
dns64
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Use a custom prefix.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
dns64 64:1337::/96
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
dns64 {
|
||||
prefix 64:1337::/96
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable translation even if an existing AAAA record is present.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
dns64 {
|
||||
translate\_all
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns64_requests_translated_total{server}\fR - counter of DNS requests translated
|
||||
|
||||
|
||||
.PP
|
||||
The \fB\fCserver\fR label is explained in the \fIprometheus\fP plugin documentation.
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
Not all features required by DNS64 are implemented, only basic AAAA synthesis.
|
||||
|
||||
.IP \(bu 4
|
||||
Support "mapping of separate IPv4 ranges to separate IPv6 prefixes"
|
||||
.IP \(bu 4
|
||||
Resolve PTR records
|
||||
.IP \(bu 4
|
||||
Make resolver DNSSEC aware. See: RFC 6147 Section 3
|
||||
\[la]https://tools.ietf.org/html/rfc6147#section-3\[ra]
|
||||
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See RFC 6147
|
||||
\[la]https://tools.ietf.org/html/rfc6147\[ra] for more information on the DNS64 mechanism.
|
||||
|
|
@ -1,119 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-DNSSEC" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIdnssec\fP - enables on-the-fly DNSSEC signing of served data.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fIdnssec\fP, any reply that doesn't (or can't) do DNSSEC will get signed on the fly. Authenticated
|
||||
denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm is preferred as
|
||||
this leads to smaller signatures (compared to RSA). NSEC3 is \fInot\fP supported.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dnssec [ZONES... ] {
|
||||
key file KEY...
|
||||
cache\_capacity CAPACITY
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The signing behavior depends on the keys specified. If multiple keys are specified of which there is
|
||||
at least one key with the SEP bit set and at least one key with the SEP bit unset, signing will happen
|
||||
in split ZSK/KSK mode. DNSKEY records will be signed with all keys that have the SEP bit set. All other
|
||||
records will be signed with all keys that do not have the SEP bit set.
|
||||
|
||||
.PP
|
||||
In any other case, each specified key will be treated as a CSK (common signing key), forgoing the
|
||||
ZSK/KSK split. All signing operations are done online.
|
||||
Authenticated denial of existence is implemented with NSEC black lies. Using ECDSA as an algorithm
|
||||
is preferred as this leads to smaller signatures (compared to RSA). NSEC3 is \fInot\fP supported.
|
||||
|
||||
.PP
|
||||
If multiple \fIdnssec\fP plugins are specified in the same zone, the last one specified will be
|
||||
used (See bugs
|
||||
\[la]#bugs\[ra]).
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones that should be signed. If empty, the zones from the configuration block
|
||||
are used.
|
||||
.IP \(bu 4
|
||||
\fB\fCkey file\fR indicates that \fBKEY\fP file(s) should be read from disk. When multiple keys are specified, RRsets
|
||||
will be signed with all keys. Generating a key can be done with \fB\fCdnssec-keygen\fR: \fB\fCdnssec-keygen -a
|
||||
ECDSAP256SHA256 <zonename>\fR. A key created for zone \fIA\fP can be safely used for zone \fIB\fP. The name of the
|
||||
key file can be specified in one of the following formats
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
basename of the generated key \fB\fCKexample.org+013+45330\fR
|
||||
.IP \(en 4
|
||||
generated public key \fB\fCKexample.org+013+45330.key\fR
|
||||
.IP \(en 4
|
||||
generated private key \fB\fCKexample.org+013+45330.private\fR
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fCcache_capacity\fR indicates the capacity of the cache. The dnssec plugin uses a cache to store
|
||||
RRSIGs. The default for \fBCAPACITY\fP is 10000.
|
||||
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dnssec_cache_entries{server, type}\fR - total elements in the cache, type is "signature".
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dnssec_cache_hits_total{server}\fR - Counter of cache hits.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dnssec_cache_misses_total{server}\fR - Counter of cache misses.
|
||||
|
||||
|
||||
.PP
|
||||
The label \fB\fCserver\fR indicated the server handling the request, see the \fImetrics\fP plugin for details.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Sign responses for \fB\fCexample.org\fR with the key "Kexample.org.+013+45330.key".
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
dnssec {
|
||||
key file Kexample.org.+013+45330
|
||||
}
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Sign responses for a kubernetes zone with the key "Kcluster.local+013+45129.key".
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cluster.local {
|
||||
kubernetes
|
||||
dnssec {
|
||||
key file Kcluster.local+013+45129
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,163 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-DNSTAP" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIdnstap\fP - enables logging to dnstap.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
dnstap is a flexible, structured binary log format for DNS software; see https://dnstap.info
|
||||
\[la]https://dnstap.info\[ra]. With this
|
||||
plugin you make CoreDNS output dnstap logging.
|
||||
|
||||
.PP
|
||||
Every message is sent to the socket as soon as it comes in, the \fIdnstap\fP plugin has a buffer of
|
||||
10000 messages, above that number dnstap messages will be dropped (this is logged).
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dnstap SOCKET [full]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBSOCKET\fP is the socket (path) supplied to the dnstap command line tool.
|
||||
.IP \(bu 4
|
||||
\fB\fCfull\fR to include the wire-format DNS message.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Log information about client requests and responses to \fI/tmp/dnstap.sock\fP.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dnstap /tmp/dnstap.sock
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Log information including the wire-format DNS message about client requests and responses to \fI/tmp/dnstap.sock\fP.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dnstap unix:///tmp/dnstap.sock full
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Log to a remote endpoint.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
dnstap tcp://127.0.0.1:6000 full
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "COMMAND LINE TOOL"
|
||||
.PP
|
||||
Dnstap has a command line tool that can be used to inspect the logging. The tool can be found
|
||||
at Github: https://github.com/dnstap/golang-dnstap
|
||||
\[la]https://github.com/dnstap/golang-dnstap\[ra]. It's written in Go.
|
||||
|
||||
.PP
|
||||
The following command listens on the given socket and decodes messages to stdout.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ dnstap \-u /tmp/dnstap.sock
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The following command listens on the given socket and saves message payloads to a binary dnstap-format log file.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ dnstap \-u /tmp/dnstap.sock \-w /tmp/test.dnstap
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Listen for dnstap messages on port 6000.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ dnstap \-l 127.0.0.1:6000
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "USING DNSTAP IN YOUR PLUGIN"
|
||||
.PP
|
||||
In your setup function, check to see if the \fIdnstap\fP plugin is loaded:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
c.OnStartup(func() error {
|
||||
if taph := dnsserver.GetConfig(c).Handler("dnstap"); taph != nil {
|
||||
if tapPlugin, ok := taph.(dnstap.Dnstap); ok {
|
||||
f.tapPlugin = \&tapPlugin
|
||||
}
|
||||
}
|
||||
return nil
|
||||
})
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
And then in your plugin:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
func (x RandomPlugin) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
|
||||
if tapPlugin != nil {
|
||||
q := new(msg.Msg)
|
||||
msg.SetQueryTime(q, time.Now())
|
||||
msg.SetQueryAddress(q, w.RemoteAddr())
|
||||
if tapPlugin.IncludeRawMessage {
|
||||
buf, \_ := r.Pack() // r has been seen packed/unpacked before, this should not fail
|
||||
q.QueryMessage = buf
|
||||
}
|
||||
msg.SetType(q, tap.Message\_CLIENT\_QUERY)
|
||||
tapPlugin.TapMessage(q)
|
||||
}
|
||||
// ...
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The website dnstap.info
|
||||
\[la]https://dnstap.info\[ra] has info on the dnstap protocol. The \fIforward\fP
|
||||
plugin's \fB\fCdnstap.go\fR uses dnstap to tap messages sent to an upstream.
|
||||
|
|
@ -1,132 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ERRATIC" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIerratic\fP - a plugin useful for testing client behavior.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fIerratic\fP returns a static response to all queries, but the responses can be delayed,
|
||||
dropped or truncated. The \fIerratic\fP plugin will respond to every A or AAAA query. For
|
||||
any other type it will return a SERVFAIL response (except AXFR). The reply for A will return
|
||||
192.0.2.53 (RFC 5737
|
||||
\[la]https://tools.ietf.org/html/rfc5737\[ra]), for AAAA it returns 2001:DB8::53 (RFC
|
||||
3849
|
||||
\[la]https://tools.ietf.org/html/rfc3849\[ra]). For an AXFR request it will respond with a small
|
||||
zone transfer.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
erratic {
|
||||
drop [AMOUNT]
|
||||
truncate [AMOUNT]
|
||||
delay [AMOUNT [DURATION]]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCdrop\fR: drop 1 per \fBAMOUNT\fP of queries, the default is 2.
|
||||
.IP \(bu 4
|
||||
\fB\fCtruncate\fR: truncate 1 per \fBAMOUNT\fP of queries, the default is 2.
|
||||
.IP \(bu 4
|
||||
\fB\fCdelay\fR: delay 1 per \fBAMOUNT\fP of queries for \fBDURATION\fP, the default for \fBAMOUNT\fP is 2 and
|
||||
the default for \fBDURATION\fP is 100ms.
|
||||
|
||||
|
||||
.PP
|
||||
In case of a zone transfer and truncate the final SOA record \fIisn't\fP added to the response.
|
||||
|
||||
.SH "READY"
|
||||
.PP
|
||||
This plugin reports readiness to the ready plugin.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
erratic {
|
||||
drop 3
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or even shorter if the defaults suit you. Note this only drops queries, it does not delay them.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
erratic
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Delay 1 in 3 queries for 50ms
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
erratic {
|
||||
delay 3 50ms
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Delay 1 in 3 and truncate 1 in 5.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
erratic {
|
||||
delay 3 5ms
|
||||
truncate 5
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Drop every second query.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
erratic {
|
||||
drop 2
|
||||
truncate 2
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
RFC 3849
|
||||
\[la]https://tools.ietf.org/html/rfc3849\[ra] and RFC 5737
|
||||
\[la]https://tools.ietf.org/html/rfc5737\[ra].
|
||||
|
|
@ -1,93 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ERRORS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIerrors\fP - enables error logging.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Any errors encountered during the query processing will be printed to standard output. The errors of particular type can be consolidated and printed once per some period of time.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
The basic syntax is:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
errors
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Extra knobs are available with an expanded syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
errors {
|
||||
consolidate DURATION REGEXP
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Option \fB\fCconsolidate\fR allows collecting several error messages matching the regular expression \fBREGEXP\fP during \fBDURATION\fP. After the \fBDURATION\fP since receiving the first such message, the consolidated message will be printed to standard output, e.g.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
2 errors like '^read udp .* i/o timeout$' occurred in last 30s
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Multiple \fB\fCconsolidate\fR options with different \fBDURATION\fP and \fBREGEXP\fP are allowed. In case if some error message corresponds to several defined regular expressions the message will be associated with the first appropriate \fBREGEXP\fP.
|
||||
|
||||
.PP
|
||||
For better performance, it's recommended to use the \fB\fC^\fR or \fB\fC$\fR metacharacters in regular expression when filtering error messages by prefix or suffix, e.g. \fB\fC^failed to .*\fR, or \fB\fC.* timeout$\fR.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Use the \fIwhoami\fP to respond to queries in the example.org domain and Log errors to standard output.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
errors
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Use the \fIforward\fP to resolve queries via 8.8.8.8 and print consolidated error messages for errors with suffix " i/o timeout" or with prefix "Failed to ".
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
errors {
|
||||
consolidate 5m ".* i/o timeout$"
|
||||
consolidate 30s "^Failed to .+"
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,372 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ETCD" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIetcd\fP - enables SkyDNS service discovery from etcd.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIetcd\fP plugin implements the (older) SkyDNS service discovery service. It is \fInot\fP suitable as
|
||||
a generic DNS zone data plugin. Only a subset of DNS record types are implemented, and subdomains
|
||||
and delegations are not handled at all. The plugin will also recursively descend the tree and return
|
||||
all records found, see "Special Behavior" below for details.
|
||||
|
||||
.PP
|
||||
The data in the etcd instance has to be encoded as
|
||||
a message
|
||||
\[la]https://github.com/skynetservices/skydns/blob/2fcff74cdc9f9a7dd64189a447ef27ac354b725f/msg/service.go#L26\[ra]
|
||||
like SkyDNS
|
||||
\[la]https://github.com/skynetservices/skydns\[ra]. It works just like SkyDNS.
|
||||
|
||||
.PP
|
||||
The \fIetcd\fP plugin makes extensive use of the \fIforward\fP plugin to forward and query other servers in the
|
||||
network - if that plugin has been enabled as well.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
etcd [ZONES...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones \fIetcd\fP should be authoritative for.
|
||||
|
||||
|
||||
.PP
|
||||
The path will default to \fB\fC/skydns\fR the local etcd3 proxy (http://localhost:2379
|
||||
\[la]http://localhost:2379\[ra]). If no zones are
|
||||
specified the block's zone will be used as the zone.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
etcd [ZONES...] {
|
||||
fallthrough [ZONES...]
|
||||
path PATH
|
||||
endpoint ENDPOINT...
|
||||
credentials USERNAME PASSWORD
|
||||
tls CERT KEY CACERT
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR If zone matches but no record can be generated, pass request to the next plugin.
|
||||
If \fB[ZONES...]\fP is omitted, then fallthrough happens for all zones for which the plugin
|
||||
is authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then only
|
||||
queries for those zones will be subject to fallthrough.
|
||||
.IP \(bu 4
|
||||
\fBPATH\fP the path inside etcd. Defaults to "/skydns".
|
||||
.IP \(bu 4
|
||||
\fBENDPOINT\fP the etcd endpoints. Defaults to "http://localhost:2379"
|
||||
\[la]http://localhost:2379"\[ra].
|
||||
.IP \(bu 4
|
||||
\fB\fCcredentials\fR is used to set the \fBUSERNAME\fP and \fBPASSWORD\fP for accessing the etcd cluster.
|
||||
.IP \(bu 4
|
||||
\fB\fCtls\fR followed by:
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
no arguments, if the server certificate is signed by a system-installed CA and no client cert is needed
|
||||
.IP \(en 4
|
||||
a single argument that is the CA PEM file, if the server cert is not signed by a system CA and no client cert is needed
|
||||
.IP \(en 4
|
||||
two arguments - path to cert PEM file, the path to private key PEM file - if the server certificate is signed by a system-installed CA and a client certificate is needed
|
||||
.IP \(en 4
|
||||
three arguments - path to cert PEM file, path to client private key PEM file, path to CA PEM
|
||||
file - if the server certificate is not signed by a system-installed CA and client certificate
|
||||
is needed.
|
||||
|
||||
.RE
|
||||
|
||||
|
||||
.SH "SPECIAL BEHAVIOUR"
|
||||
.PP
|
||||
The \fIetcd\fP plugin leverages directory structure to look for related entries. For example
|
||||
an entry \fB\fC/skydns/test/skydns/mx\fR would have entries like \fB\fC/skydns/test/skydns/mx/a\fR,
|
||||
\fB\fC/skydns/test/skydns/mx/b\fR and so on. Similarly a directory \fB\fC/skydns/test/skydns/mx1\fR will have all
|
||||
\fB\fCmx1\fR entries. Note this plugin will search through the entire (sub)tree for records. In case of the
|
||||
first example, a query for \fB\fCmx.skydns.text\fR will return both the contents of the \fB\fCa\fR and \fB\fCb\fR records.
|
||||
If the directory extends deeper those records are returned as well.
|
||||
|
||||
.PP
|
||||
With etcd3, support for hierarchical keys are
|
||||
dropped
|
||||
\[la]https://coreos.com/etcd/docs/latest/learning/api.html\[ra]. This means there are no directories
|
||||
but only flat keys with prefixes in etcd3. To accommodate lookups, the \fIetcd\fP plugin now does a lookup
|
||||
on prefix \fB\fC/skydns/test/skydns/mx/\fR to search for entries like \fB\fC/skydns/test/skydns/mx/a\fR etc, and
|
||||
if there is nothing found on \fB\fC/skydns/test/skydns/mx/\fR, it looks for \fB\fC/skydns/test/skydns/mx\fR to
|
||||
find entries like \fB\fC/skydns/test/skydns/mx1\fR.
|
||||
|
||||
.PP
|
||||
This causes two lookups from CoreDNS to etcd in certain cases.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
This is the default SkyDNS setup, with everything specified in full:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
skydns.local {
|
||||
etcd {
|
||||
path /skydns
|
||||
endpoint http://localhost:2379
|
||||
}
|
||||
prometheus
|
||||
cache
|
||||
loadbalance
|
||||
}
|
||||
|
||||
\&. {
|
||||
forward . 8.8.8.8:53 8.8.4.4:53
|
||||
cache
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or a setup where we use \fB\fC/etc/resolv.conf\fR as the basis for the proxy and the upstream
|
||||
when resolving external pointing CNAMEs.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
skydns.local {
|
||||
etcd {
|
||||
path /skydns
|
||||
}
|
||||
cache
|
||||
}
|
||||
|
||||
\&. {
|
||||
forward . /etc/resolv.conf
|
||||
cache
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Multiple endpoints are supported as well.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
etcd skydns.local {
|
||||
endpoint http://localhost:2379 http://localhost:4001
|
||||
\&...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Before getting started with these examples, please setup \fB\fCetcdctl\fR (with \fB\fCetcdv3\fR API) as explained
|
||||
here
|
||||
\[la]https://coreos.com/etcd/docs/latest/dev-guide/interacting_v3.html\[ra]. This will help you to put
|
||||
sample keys in your etcd server.
|
||||
|
||||
.PP
|
||||
If you prefer, you can use \fB\fCcurl\fR to populate the \fB\fCetcd\fR server, but with \fB\fCcurl\fR the
|
||||
endpoint URL depends on the version of \fB\fCetcd\fR. For instance, \fB\fCetcd v3.2\fR or before uses only
|
||||
[CLIENT-URL]/v3alpha/* while \fB\fCetcd v3.5\fR or later uses [CLIENT-URL]/v3/* . Also, Key and Value must
|
||||
be base64 encoded in the JSON payload. With \fB\fCetcdctl\fR these details are automatically taken care
|
||||
of. You can check this document
|
||||
\[la]https://github.com/coreos/etcd/blob/master/Documentation/dev-guide/api_grpc_gateway.md#notes\[ra]
|
||||
for details.
|
||||
|
||||
.SS "REVERSE ZONES"
|
||||
.PP
|
||||
Reverse zones are supported. You need to make CoreDNS aware of the fact that you are also
|
||||
authoritative for the reverse. For instance if you want to add the reverse for 10.0.0.0/24, you'll
|
||||
need to add the zone \fB\fC0.0.10.in-addr.arpa\fR to the list of zones. Showing a snippet of a Corefile:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
etcd skydns.local 10.0.0.0/24 {
|
||||
\&...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Next you'll need to populate the zone with reverse records, here we add a reverse for
|
||||
10.0.0.127 pointing to reverse.skydns.local.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/arpa/in\-addr/10/0/0/127 '{"host":"reverse.skydns.local."}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Querying with dig:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig @localhost \-x 10.0.0.127 +short
|
||||
reverse.skydns.local.
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "ZONE NAME AS A RECORD"
|
||||
.PP
|
||||
The zone name itself can be used as an \fB\fCA\fR record. This behavior can be achieved by writing special
|
||||
entries to the ETCD path of your zone. If your zone is named \fB\fCskydns.local\fR for example, you can
|
||||
create an \fB\fCA\fR record for this zone as follows:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/local/skydns/ '{"host":"1.1.1.1","ttl":60}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If you query the zone name itself, you will receive the created \fB\fCA\fR record:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +short skydns.local @localhost
|
||||
1.1.1.1
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If you would like to use DNS RR for the zone name, you can set the following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/local/skydns/x1 '{"host":"1.1.1.1","ttl":60}'
|
||||
% etcdctl put /skydns/local/skydns/x2 '{"host":"1.1.1.2","ttl":60}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If you query the zone name now, you will get the following response:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +short skydns.local @localhost
|
||||
1.1.1.1
|
||||
1.1.1.2
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "ZONE NAME AS AAAA RECORD"
|
||||
.PP
|
||||
If you would like to use \fB\fCAAAA\fR records for the zone name too, you can set the following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/local/skydns/x3 '{"host":"2003::8:1","ttl":60}'
|
||||
% etcdctl put /skydns/local/skydns/x4 '{"host":"2003::8:2","ttl":60}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If you query the zone name for \fB\fCAAAA\fR now, you will get the following response:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +short skydns.local AAAA @localhost
|
||||
2003::8:1
|
||||
2003::8:2
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "SRV RECORD"
|
||||
.PP
|
||||
If you would like to use \fB\fCSRV\fR records, you can set the following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/local/skydns/x5 '{"host":"skydns\-local.server","ttl":60,"priority":10,"port":8080}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Please notice that the key \fB\fChost\fR is the \fB\fCtarget\fR in \fB\fCSRV\fR, so it should be a domain name.
|
||||
|
||||
.PP
|
||||
If you query the zone name for \fB\fCSRV\fR now, you will get the following response:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +short skydns.local SRV @localhost
|
||||
10 100 8080 skydns\-local.server.
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "TXT RECORD"
|
||||
.PP
|
||||
If you would like to use \fB\fCTXT\fR records, you can set the following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% etcdctl put /skydns/local/skydns/x6 '{"ttl":60,"text":"this is a random text message."}'
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If you query the zone name for \fB\fCTXT\fR now, you will get the following response:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +short skydns.local TXT @localhost
|
||||
"this is a random text message."
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
If you want to \fB\fCround robin\fR A and AAAA responses look at the \fIloadbalance\fP plugin.
|
||||
|
|
@ -1,167 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-FILE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIfile\fP - enables serving zone data from an RFC 1035-style master file.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIfile\fP plugin is used for an "old-style" DNS server. It serves from a preloaded file that exists
|
||||
on disk contained RFC 1035 styled data. If the zone file contains signatures (i.e., is signed using
|
||||
DNSSEC), correct DNSSEC answers are returned. Only NSEC is supported! If you use this setup \fIyou\fP
|
||||
are responsible for re-signing the zonefile.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
file DBFILE [ZONES...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBDBFILE\fP the database file to read and parse. If the path is relative, the path from the \fIroot\fP
|
||||
plugin will be prepended to it.
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block
|
||||
are used.
|
||||
|
||||
|
||||
.PP
|
||||
If you want to round-robin A and AAAA responses look at the \fIloadbalance\fP plugin.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
file DBFILE [ZONES... ] {
|
||||
reload DURATION
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCreload\fR interval to perform a reload of the zone if the SOA version changes. Default is one minute.
|
||||
Value of \fB\fC0\fR means to not scan for changes and reload. For example, \fB\fC30s\fR checks the zonefile every 30 seconds
|
||||
and reloads the zone when serial changes.
|
||||
|
||||
|
||||
.PP
|
||||
If you need outgoing zone transfers, take a look at the \fItransfer\fP plugin.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Load the \fB\fCexample.org\fR zone from \fB\fCdb.example.org\fR and allow transfers to the internet, but send
|
||||
notifies to 10.240.1.1
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
file db.example.org
|
||||
transfer {
|
||||
to * 10.240.1.1
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Where \fB\fCdb.example.org\fR would contain RRSets (https://tools.ietf.org/html/rfc7719#section-4
|
||||
\[la]https://tools.ietf.org/html/rfc7719#section-4\[ra]) in the
|
||||
(text) presentation format from RFC 1035:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ORIGIN example.org.
|
||||
@ 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042745 7200 3600 1209600 3600
|
||||
3600 IN NS a.iana\-servers.net.
|
||||
3600 IN NS b.iana\-servers.net.
|
||||
|
||||
www IN A 127.0.0.1
|
||||
IN AAAA ::1
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or use a single zone file for multiple zones:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
file example.org.signed example.org example.net
|
||||
transfer example.org example.net {
|
||||
to * 10.240.1.1
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Note that if you have a configuration like the following you may run into a problem of the origin
|
||||
not being correctly recognized:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
file db.example.org
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
We omit the origin for the file \fB\fCdb.example.org\fR, so this references the zone in the server block,
|
||||
which, in this case, is the root zone. Any contents of \fB\fCdb.example.org\fR will then read with that
|
||||
origin set; this may or may not do what you want.
|
||||
It's better to be explicit here and specify the correct origin. This can be done in two ways:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
file db.example.org example.org
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
file db.example.org
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See the \fIloadbalance\fP plugin if you need simple record shuffling. And the \fItransfer\fP plugin for zone
|
||||
transfers. Lastly the \fIroot\fP plugin can help you specify the location of the zone files.
|
||||
|
||||
.PP
|
||||
See RFC 1035
|
||||
\[la]https://www.rfc-editor.org/rfc/rfc1035.txt\[ra] for more info on how to structure zone
|
||||
files.
|
||||
|
|
@ -1,326 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-FORWARD" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIforward\fP - facilitates proxying DNS messages to upstream resolvers.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIforward\fP plugin re-uses already opened sockets to the upstreams. It supports UDP, TCP and
|
||||
DNS-over-TLS and uses in band health checking.
|
||||
|
||||
.PP
|
||||
When it detects an error a health check is performed. This checks runs in a loop, performing each
|
||||
check at a \fI0.5s\fP interval for as long as the upstream reports unhealthy. Once healthy we stop
|
||||
health checking (until the next error). The health checks use a recursive DNS query (\fB\fC. IN NS\fR)
|
||||
to get upstream health. Any response that is not a network error (REFUSED, NOTIMPL, SERVFAIL, etc)
|
||||
is taken as a healthy upstream. The health check uses the same protocol as specified in \fBTO\fP. If
|
||||
\fB\fCmax_fails\fR is set to 0, no checking is performed and upstreams will always be considered healthy.
|
||||
|
||||
.PP
|
||||
When \fIall\fP upstreams are down it assumes health checking as a mechanism has failed and will try to
|
||||
connect to a random upstream (which may or may not work).
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
In its most basic form, a simple forwarder uses this syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
forward FROM TO...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFROM\fP is the base domain to match for the request to be forwarded.
|
||||
.IP \(bu 4
|
||||
\fBTO...\fP are the destination endpoints to forward to. The \fBTO\fP syntax allows you to specify
|
||||
a protocol, \fB\fCtls://9.9.9.9\fR or \fB\fCdns://\fR (or no protocol) for plain DNS. The number of upstreams is
|
||||
limited to 15.
|
||||
|
||||
|
||||
.PP
|
||||
Multiple upstreams are randomized (see \fB\fCpolicy\fR) on first use. When a healthy proxy returns an error
|
||||
during the exchange the next upstream in the list is tried.
|
||||
|
||||
.PP
|
||||
Extra knobs are available with an expanded syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
forward FROM TO... {
|
||||
except IGNORED\_NAMES...
|
||||
force\_tcp
|
||||
prefer\_udp
|
||||
expire DURATION
|
||||
max\_fails INTEGER
|
||||
tls CERT KEY CA
|
||||
tls\_servername NAME
|
||||
policy random|round\_robin|sequential
|
||||
health\_check DURATION [no\_rec]
|
||||
max\_concurrent MAX
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFROM\fP and \fBTO...\fP as above.
|
||||
.IP \(bu 4
|
||||
\fBIGNORED_NAMES\fP in \fB\fCexcept\fR is a space-separated list of domains to exclude from forwarding.
|
||||
Requests that match none of these names will be passed through.
|
||||
.IP \(bu 4
|
||||
\fB\fCforce_tcp\fR, use TCP even when the request comes in over UDP.
|
||||
.IP \(bu 4
|
||||
\fB\fCprefer_udp\fR, try first using UDP even when the request comes in over TCP. If response is truncated
|
||||
(TC flag set in response) then do another attempt over TCP. In case if both \fB\fCforce_tcp\fR and
|
||||
\fB\fCprefer_udp\fR options specified the \fB\fCforce_tcp\fR takes precedence.
|
||||
.IP \(bu 4
|
||||
\fB\fCmax_fails\fR is the number of subsequent failed health checks that are needed before considering
|
||||
an upstream to be down. If 0, the upstream will never be marked as down (nor health checked).
|
||||
Default is 2.
|
||||
.IP \(bu 4
|
||||
\fB\fCexpire\fR \fBDURATION\fP, expire (cached) connections after this time, the default is 10s.
|
||||
.IP \(bu 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP \fBCA\fP define the TLS properties for TLS connection. From 0 to 3 arguments can be
|
||||
provided with the meaning as described below
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR - no client authentication is used, and the system CAs are used to verify the server certificate
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCA\fP - no client authentication is used, and the file CA is used to verify the server certificate
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP - client authentication is used with the specified cert/key pair.
|
||||
The server certificate is verified with the system CAs
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP \fBCA\fP - client authentication is used with the specified cert/key pair.
|
||||
The server certificate is verified using the specified CA file
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fCtls_servername\fR \fBNAME\fP allows you to set a server name in the TLS configuration; for instance 9.9.9.9
|
||||
needs this to be set to \fB\fCdns.quad9.net\fR. Multiple upstreams are still allowed in this scenario,
|
||||
but they have to use the same \fB\fCtls_servername\fR. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1
|
||||
(Cloudflare) will not work.
|
||||
.IP \(bu 4
|
||||
\fB\fCpolicy\fR specifies the policy to use for selecting upstream servers. The default is \fB\fCrandom\fR.
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCrandom\fR is a policy that implements random upstream selection.
|
||||
.IP \(en 4
|
||||
\fB\fCround_robin\fR is a policy that selects hosts based on round robin ordering.
|
||||
.IP \(en 4
|
||||
\fB\fCsequential\fR is a policy that selects hosts based on sequential ordering.
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fChealth_check\fR configure the behaviour of health checking of the upstream servers
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fC<duration>\fR - use a different duration for health checking, the default duration is 0.5s.
|
||||
.IP \(en 4
|
||||
\fB\fCno_rec\fR - optional argument that sets the RecursionDesired-flag of the dns-query used in health checking to \fB\fCfalse\fR.
|
||||
The flag is default \fB\fCtrue\fR.
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fCmax_concurrent\fR \fBMAX\fP will limit the number of concurrent queries to \fBMAX\fP. Any new query that would
|
||||
raise the number of concurrent queries above the \fBMAX\fP will result in a REFUSED response. This
|
||||
response does not count as a health failure. When choosing a value for \fBMAX\fP, pick a number
|
||||
at least greater than the expected \fIupstream query rate\fP * \fIlatency\fP of the upstream servers.
|
||||
As an upper bound for \fBMAX\fP, consider that each concurrent query will use about 2kb of memory.
|
||||
|
||||
|
||||
.PP
|
||||
Also note the TLS config is "global" for the whole forwarding proxy if you need a different
|
||||
\fB\fCtls-name\fR for different upstreams you're out of luck.
|
||||
|
||||
.PP
|
||||
On each endpoint, the timeouts for communication are set as follows:
|
||||
|
||||
.IP \(bu 4
|
||||
The dial timeout by default is 30s, and can decrease automatically down to 100ms based on early results.
|
||||
.IP \(bu 4
|
||||
The read timeout is static at 2s.
|
||||
|
||||
|
||||
.SH "METADATA"
|
||||
.PP
|
||||
The forward plugin will publish the following metadata, if the \fImetadata\fP
|
||||
plugin is also enabled:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCforward/upstream\fR: the upstream used to forward the request
|
||||
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_requests_total{to}\fR - query count per upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_responses_total{to}\fR - Counter of responses received per upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_request_duration_seconds{to, rcode, type}\fR - duration per upstream, RCODE, type
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_responses_total{to, rcode}\fR - count of RCODEs per upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_healthcheck_failures_total{to}\fR - number of failed health checks per upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_healthcheck_broken_total{}\fR - counter of when all upstreams are unhealthy,
|
||||
and we are randomly (this always uses the \fB\fCrandom\fR policy) spraying to an upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_max_concurrent_rejects_total{}\fR - counter of the number of queries rejected because the
|
||||
number of concurrent queries were at maximum.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_conn_cache_hits_total{to, proto}\fR - counter of connection cache hits per upstream and protocol.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_forward_conn_cache_misses_total{to, proto}\fR - counter of connection cache misses per upstream and protocol.
|
||||
Where \fB\fCto\fR is one of the upstream servers (\fBTO\fP from the config), \fB\fCrcode\fR is the returned RCODE
|
||||
from the upstream, \fB\fCproto\fR is the transport protocol like \fB\fCudp\fR, \fB\fCtcp\fR, \fB\fCtcp-tls\fR.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Proxy all requests within \fB\fCexample.org.\fR to a nameserver running on a different port:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
forward . 127.0.0.1:9005
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load balance all requests between three resolvers, one of which has a IPv6 address.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 10.0.0.10:53 10.0.0.11:1053 [2003::1]:53
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Forward everything except requests to \fB\fCexample.org\fR
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 10.0.0.10:1234 {
|
||||
except example.org
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Proxy everything except \fB\fCexample.org\fR using the host's \fB\fCresolv.conf\fR's nameservers:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . /etc/resolv.conf {
|
||||
except example.org
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Proxy all requests to 9.9.9.9 using the DNS-over-TLS (DoT) protocol, and cache every answer for up to 30
|
||||
seconds. Note the \fB\fCtls_servername\fR is mandatory if you want a working setup, as 9.9.9.9 can't be
|
||||
used in the TLS negotiation. Also set the health check duration to 5s to not completely swamp the
|
||||
service with health checks.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . tls://9.9.9.9 {
|
||||
tls\_servername dns.quad9.net
|
||||
health\_check 5s
|
||||
}
|
||||
cache 30
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or with multiple upstreams from the same provider
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . tls://1.1.1.1 tls://1.0.0.1 {
|
||||
tls\_servername cloudflare\-dns.com
|
||||
health\_check 5s
|
||||
}
|
||||
cache 30
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or when you have multiple DoT upstreams with different \fB\fCtls_servername\fRs, you can do the following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 127.0.0.1:5301 127.0.0.1:5302
|
||||
}
|
||||
|
||||
\&.:5301 {
|
||||
forward . 8.8.8.8 8.8.4.4 {
|
||||
tls\_servername dns.google
|
||||
}
|
||||
}
|
||||
|
||||
\&.:5302 {
|
||||
forward . 1.1.1.1 1.0.0.1 {
|
||||
tls\_servername cloudflare\-dns.com
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
RFC 7858
|
||||
\[la]https://tools.ietf.org/html/rfc7858\[ra] for DNS over TLS.
|
||||
|
|
@ -1,205 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-GRPC" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIgrpc\fP - facilitates proxying DNS messages to upstream resolvers via gRPC protocol.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIgrpc\fP plugin supports gRPC and TLS.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
In its most basic form:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
grpc FROM TO...
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFROM\fP is the base domain to match for the request to be proxied.
|
||||
.IP \(bu 4
|
||||
\fBTO...\fP are the destination endpoints to proxy to. The number of upstreams is
|
||||
limited to 15.
|
||||
|
||||
|
||||
.PP
|
||||
Multiple upstreams are randomized (see \fB\fCpolicy\fR) on first use. When a proxy returns an error
|
||||
the next upstream in the list is tried.
|
||||
|
||||
.PP
|
||||
Extra knobs are available with an expanded syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
grpc FROM TO... {
|
||||
except IGNORED\_NAMES...
|
||||
tls CERT KEY CA
|
||||
tls\_servername NAME
|
||||
policy random|round\_robin|sequential
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFROM\fP and \fBTO...\fP as above.
|
||||
.IP \(bu 4
|
||||
\fBIGNORED_NAMES\fP in \fB\fCexcept\fR is a space-separated list of domains to exclude from proxying.
|
||||
Requests that match none of these names will be passed through.
|
||||
.IP \(bu 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP \fBCA\fP define the TLS properties for TLS connection. From 0 to 3 arguments can be
|
||||
provided with the meaning as described below
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR - no client authentication is used, and the system CAs are used to verify the server certificate
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCA\fP - no client authentication is used, and the file CA is used to verify the server certificate
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP - client authentication is used with the specified cert/key pair.
|
||||
The server certificate is verified with the system CAs
|
||||
.IP \(en 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP \fBCA\fP - client authentication is used with the specified cert/key pair.
|
||||
The server certificate is verified using the specified CA file
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fCtls_servername\fR \fBNAME\fP allows you to set a server name in the TLS configuration; for instance 9.9.9.9
|
||||
needs this to be set to \fB\fCdns.quad9.net\fR. Multiple upstreams are still allowed in this scenario,
|
||||
but they have to use the same \fB\fCtls_servername\fR. E.g. mixing 9.9.9.9 (QuadDNS) with 1.1.1.1
|
||||
(Cloudflare) will not work.
|
||||
.IP \(bu 4
|
||||
\fB\fCpolicy\fR specifies the policy to use for selecting upstream servers. The default is \fB\fCrandom\fR.
|
||||
|
||||
|
||||
.PP
|
||||
Also note the TLS config is "global" for the whole grpc proxy if you need a different
|
||||
\fB\fCtls-name\fR for different upstreams you're out of luck.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_grpc_request_duration_seconds{to}\fR - duration per upstream interaction.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_grpc_requests_total{to}\fR - query count per upstream.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_grpc_responses_total{to, rcode}\fR - count of RCODEs per upstream.
|
||||
and we are randomly (this always uses the \fB\fCrandom\fR policy) spraying to an upstream.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Proxy all requests within \fB\fCexample.org.\fR to a nameserver running on a different port:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
grpc . 127.0.0.1:9005
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load balance all requests between three resolvers, one of which has a IPv6 address.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
grpc . 10.0.0.10:53 10.0.0.11:1053 [2003::1]:53
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Forward everything except requests to \fB\fCexample.org\fR
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
grpc . 10.0.0.10:1234 {
|
||||
except example.org
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Proxy everything except \fB\fCexample.org\fR using the host's \fB\fCresolv.conf\fR's nameservers:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
grpc . /etc/resolv.conf {
|
||||
except example.org
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Proxy all requests to 9.9.9.9 using the TLS protocol, and cache every answer for up to 30
|
||||
seconds. Note the \fB\fCtls_servername\fR is mandatory if you want a working setup, as 9.9.9.9 can't be
|
||||
used in the TLS negotiation.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
grpc . 9.9.9.9 {
|
||||
tls\_servername dns.quad9.net
|
||||
}
|
||||
cache 30
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or with multiple upstreams from the same provider
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
grpc . 1.1.1.1 1.0.0.1 {
|
||||
tls\_servername cloudflare\-dns.com
|
||||
}
|
||||
cache 30
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
The TLS config is global for the whole grpc proxy if you need a different \fB\fCtls_servername\fR for
|
||||
different upstreams you're out of luck.
|
||||
|
|
@ -1,115 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-HEALTH" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIhealth\fP - enables a health check endpoint.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Enabled process wide health endpoint. When CoreDNS is up and running this returns a 200 OK HTTP
|
||||
status code. The health is exported, by default, on port 8080/health.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
health [ADDRESS]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Optionally takes an address; the default is \fB\fC:8080\fR. The health path is fixed to \fB\fC/health\fR. The
|
||||
health endpoint returns a 200 response code and the word "OK" when this server is healthy.
|
||||
|
||||
.PP
|
||||
An extra option can be set with this extended syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
health [ADDRESS] {
|
||||
lameduck DURATION
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
Where \fB\fClameduck\fR will delay shutdown for \fBDURATION\fP. /health will still answer 200 OK.
|
||||
Note: The \fIready\fP plugin will not answer OK while CoreDNS is in lameduck mode prior to shutdown.
|
||||
|
||||
|
||||
.PP
|
||||
If you have multiple Server Blocks, \fIhealth\fP can only be enabled in one of them (as it is process
|
||||
wide). If you really need multiple endpoints, you must run health endpoints on different ports:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
com {
|
||||
whoami
|
||||
health :8080
|
||||
}
|
||||
|
||||
net {
|
||||
erratic
|
||||
health :8081
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Doing this is supported but both endpoints ":8080" and ":8081" will export the exact same health.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric is exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_health_request_duration_seconds{}\fR - duration to process a HTTP query to the local
|
||||
\fB\fC/health\fR endpoint. As this a local operation it should be fast. A (large) increase in this
|
||||
duration indicates the CoreDNS process is having trouble keeping up with its query load.
|
||||
|
||||
|
||||
.PP
|
||||
Note that this metric \fIdoes not\fP have a \fB\fCserver\fR label, because being overloaded is a symptom of
|
||||
the running process, \fInot\fP a specific server.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Run another health endpoint on http://localhost:8091
|
||||
\[la]http://localhost:8091\[ra].
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
health localhost:8091
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Set a lameduck duration of 1 second:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
health localhost:8092 {
|
||||
lameduck 1s
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,175 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-HOSTS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIhosts\fP - enables serving zone data from a \fB\fC/etc/hosts\fR style file.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIhosts\fP plugin is useful for serving zones from a \fB\fC/etc/hosts\fR file. It serves from a preloaded
|
||||
file that exists on disk. It checks the file for changes and updates the zones accordingly. This
|
||||
plugin only supports A, AAAA, and PTR records. The hosts plugin can be used with readily
|
||||
available hosts files that block access to advertising servers.
|
||||
|
||||
.PP
|
||||
The plugin reloads the content of the hosts file every 5 seconds. Upon reload, CoreDNS will use the
|
||||
new definitions. Should the file be deleted, any inlined content will continue to be served. When
|
||||
the file is restored, it will then again be used.
|
||||
|
||||
.PP
|
||||
If you want to pass the request to the rest of the plugin chain if there is no match in the \fIhosts\fP
|
||||
plugin, you must specify the \fB\fCfallthrough\fR option.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "THE HOSTS FILE"
|
||||
.PP
|
||||
Commonly the entries are of the form \fB\fCIP_address canonical_hostname [aliases...]\fR as explained by
|
||||
the hosts(5) man page.
|
||||
|
||||
.PP
|
||||
Examples:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
127.0.0.1 localhost
|
||||
192.168.1.10 example.com example
|
||||
|
||||
::1 localhost ip6\-localhost ip6\-loopback
|
||||
fdfc:a744:27b5:3b0e::1 example.com example
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "PTR RECORDS"
|
||||
.PP
|
||||
PTR records for reverse lookups are generated automatically by CoreDNS (based on the hosts file
|
||||
entries) and cannot be created manually.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
hosts [FILE [ZONES...]] {
|
||||
[INLINE]
|
||||
ttl SECONDS
|
||||
no\_reverse
|
||||
reload DURATION
|
||||
fallthrough [ZONES...]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFILE\fP the hosts file to read and parse. If the path is relative the path from the \fIroot\fP
|
||||
plugin will be prepended to it. Defaults to /etc/hosts if omitted. We scan the file for changes
|
||||
every 5 seconds.
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block
|
||||
are used.
|
||||
.IP \(bu 4
|
||||
\fBINLINE\fP the hosts file contents inlined in Corefile. If there are any lines before fallthrough
|
||||
then all of them will be treated as the additional content for hosts file. The specified hosts
|
||||
file path will still be read but entries will be overridden.
|
||||
.IP \(bu 4
|
||||
\fB\fCttl\fR change the DNS TTL of the records generated (forward and reverse). The default is 3600 seconds (1 hour).
|
||||
.IP \(bu 4
|
||||
\fB\fCreload\fR change the period between each hostsfile reload. A time of zero seconds disables the
|
||||
feature. Examples of valid durations: "300ms", "1.5h" or "2h45m". See Go's
|
||||
time
|
||||
\[la]https://godoc.org/time\[ra]. package.
|
||||
.IP \(bu 4
|
||||
\fB\fCno_reverse\fR disable the automatic generation of the \fB\fCin-addr.arpa\fR or \fB\fCip6.arpa\fR entries for the hosts
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR If zone matches and no record can be generated, pass request to the next plugin.
|
||||
If \fB[ZONES...]\fP is omitted, then fallthrough happens for all zones for which the plugin
|
||||
is authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then only
|
||||
queries for those zones will be subject to fallthrough.
|
||||
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_hosts_entries{}\fR - The combined number of entries in hosts and Corefile.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_hosts_reload_timestamp_seconds{}\fR - The timestamp of the last reload of hosts file.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Load \fB\fC/etc/hosts\fR file.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
hosts
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load \fB\fCexample.hosts\fR file in the current directory.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
hosts example.hosts
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load example.hosts file and only serve example.org and example.net from it and fall through to the
|
||||
next plugin if query doesn't match.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
hosts example.hosts example.org example.net {
|
||||
fallthrough
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Load hosts file inlined in Corefile.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.hosts example.org {
|
||||
hosts {
|
||||
10.0.0.1 example.org
|
||||
fallthrough
|
||||
}
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The form of the entries in the \fB\fC/etc/hosts\fR file are based on IETF RFC 952
|
||||
\[la]https://tools.ietf.org/html/rfc952\[ra] which was updated by IETF RFC 1123
|
||||
\[la]https://tools.ietf.org/html/rfc1123\[ra].
|
||||
|
|
@ -1,110 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-IMPORT" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIimport\fP - includes files or references snippets from a Corefile.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIimport\fP plugin can be used to include files into the main configuration. Another use is to
|
||||
reference predefined snippets. Both can help to avoid some duplication.
|
||||
|
||||
.PP
|
||||
This is a unique plugin in that \fIimport\fP can appear outside of a server block. In other words, it
|
||||
can appear at the top of a Corefile where an address would normally be.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
import PATTERN
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBPATTERN\fP is the file, glob pattern (\fB\fC*\fR) or snippet to include. Its contents will replace
|
||||
this line, as if that file's contents appeared here to begin with.
|
||||
|
||||
|
||||
.SH "FILES"
|
||||
.PP
|
||||
You can use \fIimport\fP to include a file or files. This file's location is relative to the
|
||||
Corefile's location. It is an error if a specific file cannot be found, but an empty glob pattern is
|
||||
not an error.
|
||||
|
||||
.SH "SNIPPETS"
|
||||
.PP
|
||||
You can define snippets to be reused later in your Corefile by defining a block with a single-token
|
||||
label surrounded by parentheses:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
(mysnippet) {
|
||||
...
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Then you can invoke the snippet with \fIimport\fP:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
import mysnippet
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Import a shared configuration:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
import config/common.conf
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Where \fB\fCconfig/common.conf\fR contains:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
prometheus
|
||||
errors
|
||||
log
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
This imports files found in the zones directory:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
import ../zones/*
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See corefile(5).
|
||||
|
|
@ -1,130 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-K8S_EXTERNAL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIk8s_external\fP - resolves load balancer and external IPs from outside Kubernetes clusters.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This plugin allows an additional zone to resolve the external IP address(es) of a Kubernetes
|
||||
service. This plugin is only useful if the \fIkubernetes\fP plugin is also loaded.
|
||||
|
||||
.PP
|
||||
The plugin uses an external zone to resolve in-cluster IP addresses. It only handles queries for A,
|
||||
AAAA and SRV records; all others result in NODATA responses. To make it a proper DNS zone, it handles
|
||||
SOA and NS queries for the apex of the zone.
|
||||
|
||||
.PP
|
||||
By default the apex of the zone will look like the following (assuming the zone used is \fB\fCexample.org\fR):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org. 5 IN SOA ns1.dns.example.org. hostmaster.example.org. (
|
||||
12345 ; serial
|
||||
14400 ; refresh (4 hours)
|
||||
3600 ; retry (1 hour)
|
||||
604800 ; expire (1 week)
|
||||
5 ; minimum (4 hours)
|
||||
)
|
||||
example.org 5 IN NS ns1.dns.example.org.
|
||||
|
||||
ns1.dns.example.org. 5 IN A ....
|
||||
ns1.dns.example.org. 5 IN AAAA ....
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Note that we use the \fB\fCdns\fR subdomain for the records DNS needs (see the \fB\fCapex\fR directive). Also
|
||||
note the SOA's serial number is static. The IP addresses of the nameserver records are those of the
|
||||
CoreDNS service.
|
||||
|
||||
.PP
|
||||
The \fIk8s_external\fP plugin handles the subdomain \fB\fCdns\fR and the apex of the zone itself; all other
|
||||
queries are resolved to addresses in the cluster.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
k8s\_external [ZONE...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones \fIk8s_external\fP should be authoritative for.
|
||||
|
||||
|
||||
.PP
|
||||
If you want to change the apex domain or use a different TTL for the returned records you can use
|
||||
this extended syntax.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
k8s\_external [ZONE...] {
|
||||
apex APEX
|
||||
ttl TTL
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBAPEX\fP is the name (DNS label) to use for the apex records; it defaults to \fB\fCdns\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCttl\fR allows you to set a custom \fBTTL\fP for responses. The default is 5 (seconds).
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable names under \fB\fCexample.org\fR to be resolved to in-cluster DNS addresses.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
kubernetes cluster.local
|
||||
k8s\_external example.org
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
With the Corefile above, the following Service will get an \fB\fCA\fR record for \fB\fCtest.default.example.org\fR with the IP address \fB\fC192.168.200.123\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: test
|
||||
namespace: default
|
||||
spec:
|
||||
clusterIP: None
|
||||
externalIPs:
|
||||
\- 192.168.200.123
|
||||
type: ClusterIP
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
For some background see resolve external IP address
|
||||
\[la]https://github.com/kubernetes/dns/issues/242\[ra].
|
||||
And A records for services with Load Balancer IP
|
||||
\[la]https://github.com/coredns/coredns/issues/1851\[ra].
|
||||
|
||||
.PP
|
||||
PTR queries for the reverse zone is not supported.
|
||||
|
|
@ -1,352 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-KUBERNETES" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIkubernetes\fP - enables reading zone data from a Kubernetes cluster.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This plugin implements the Kubernetes DNS-Based Service Discovery
|
||||
Specification
|
||||
\[la]https://github.com/kubernetes/dns/blob/master/docs/specification.md\[ra].
|
||||
|
||||
.PP
|
||||
CoreDNS running the kubernetes plugin can be used as a replacement for kube-dns in a kubernetes
|
||||
cluster. See the deployment
|
||||
\[la]https://github.com/coredns/deployment\[ra] repository for details on how
|
||||
to deploy CoreDNS in Kubernetes
|
||||
\[la]https://github.com/coredns/deployment/tree/master/kubernetes\[ra].
|
||||
|
||||
.PP
|
||||
stubDomains and upstreamNameservers
|
||||
\[la]https://kubernetes.io/blog/2017/04/configuring-private-dns-zones-upstream-nameservers-kubernetes/\[ra]
|
||||
are implemented via the \fIforward\fP plugin. See the examples below.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
kubernetes [ZONES...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
With only the plugin specified, the \fIkubernetes\fP plugin will default to the zone specified in
|
||||
the server's block. It will handle all queries in that zone and connect to Kubernetes in-cluster. It
|
||||
will not provide PTR records for services or A records for pods. If \fBZONES\fP is used it specifies
|
||||
all the zones the plugin should be authoritative for.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
kubernetes [ZONES...] {
|
||||
endpoint URL
|
||||
tls CERT KEY CACERT
|
||||
kubeconfig KUBECONFIG [CONTEXT]
|
||||
namespaces NAMESPACE...
|
||||
labels EXPRESSION
|
||||
pods POD\-MODE
|
||||
endpoint\_pod\_names
|
||||
ttl TTL
|
||||
noendpoints
|
||||
fallthrough [ZONES...]
|
||||
ignore empty\_service
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCendpoint\fR specifies the \fBURL\fP for a remote k8s API endpoint.
|
||||
If omitted, it will connect to k8s in-cluster using the cluster service account.
|
||||
.IP \(bu 4
|
||||
\fB\fCtls\fR \fBCERT\fP \fBKEY\fP \fBCACERT\fP are the TLS cert, key and the CA cert file names for remote k8s connection.
|
||||
This option is ignored if connecting in-cluster (i.e. endpoint is not specified).
|
||||
.IP \(bu 4
|
||||
\fB\fCkubeconfig\fR \fBKUBECONFIG [CONTEXT]\fP authenticates the connection to a remote k8s cluster using a kubeconfig file.
|
||||
\fB[CONTEXT]\fP is optional, if not set, then the current context specified in kubeconfig will be used.
|
||||
It supports TLS, username and password, or token-based authentication.
|
||||
This option is ignored if connecting in-cluster (i.e., the endpoint is not specified).
|
||||
.IP \(bu 4
|
||||
\fB\fCnamespaces\fR \fBNAMESPACE [NAMESPACE...]\fP only exposes the k8s namespaces listed.
|
||||
If this option is omitted all namespaces are exposed
|
||||
.IP \(bu 4
|
||||
\fB\fCnamespace_labels\fR \fBEXPRESSION\fP only expose the records for Kubernetes namespaces that match this label selector.
|
||||
The label selector syntax is described in the
|
||||
Kubernetes User Guide - Labels
|
||||
\[la]https://kubernetes.io/docs/user-guide/labels/\[ra]. An example that
|
||||
only exposes namespaces labeled as "istio-injection=enabled", would use:
|
||||
\fB\fClabels istio-injection=enabled\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fClabels\fR \fBEXPRESSION\fP only exposes the records for Kubernetes objects that match this label selector.
|
||||
The label selector syntax is described in the
|
||||
Kubernetes User Guide - Labels
|
||||
\[la]https://kubernetes.io/docs/user-guide/labels/\[ra]. An example that
|
||||
only exposes objects labeled as "application=nginx" in the "staging" or "qa" environments, would
|
||||
use: \fB\fClabels environment in (staging, qa),application=nginx\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCpods\fR \fBPOD-MODE\fP sets the mode for handling IP-based pod A records, e.g.
|
||||
\fB\fC1-2-3-4.ns.pod.cluster.local. in A 1.2.3.4\fR.
|
||||
This option is provided to facilitate use of SSL certs when connecting directly to pods. Valid
|
||||
values for \fBPOD-MODE\fP:
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCdisabled\fR: Default. Do not process pod requests, always returning \fB\fCNXDOMAIN\fR
|
||||
.IP \(en 4
|
||||
\fB\fCinsecure\fR: Always return an A record with IP from request (without checking k8s). This option
|
||||
is vulnerable to abuse if used maliciously in conjunction with wildcard SSL certs. This
|
||||
option is provided for backward compatibility with kube-dns.
|
||||
.IP \(en 4
|
||||
\fB\fCverified\fR: Return an A record if there exists a pod in same namespace with matching IP. This
|
||||
option requires substantially more memory than in insecure mode, since it will maintain a watch
|
||||
on all pods.
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fB\fCendpoint_pod_names\fR uses the pod name of the pod targeted by the endpoint as
|
||||
the endpoint name in A records, e.g.,
|
||||
\fB\fCendpoint-name.my-service.namespace.svc.cluster.local. in A 1.2.3.4\fR
|
||||
By default, the endpoint-name name selection is as follows: Use the hostname
|
||||
of the endpoint, or if hostname is not set, use the dashed form of the endpoint
|
||||
IP address (e.g., \fB\fC1-2-3-4.my-service.namespace.svc.cluster.local.\fR)
|
||||
If this directive is included, then name selection for endpoints changes as
|
||||
follows: Use the hostname of the endpoint, or if hostname is not set, use the
|
||||
pod name of the pod targeted by the endpoint. If there is no pod targeted by
|
||||
the endpoint, use the dashed IP address form.
|
||||
.IP \(bu 4
|
||||
\fB\fCttl\fR allows you to set a custom TTL for responses. The default is 5 seconds. The minimum TTL allowed is
|
||||
0 seconds, and the maximum is capped at 3600 seconds. Setting TTL to 0 will prevent records from being cached.
|
||||
.IP \(bu 4
|
||||
\fB\fCnoendpoints\fR will turn off the serving of endpoint records by disabling the watch on endpoints.
|
||||
All endpoint queries and headless service queries will result in an NXDOMAIN.
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR \fB[ZONES...]\fP If a query for a record in the zones for which the plugin is authoritative
|
||||
results in NXDOMAIN, normally that is what the response will be. However, if you specify this option,
|
||||
the query will instead be passed on down the plugin chain, which can include another plugin to handle
|
||||
the query. If \fB[ZONES...]\fP is omitted, then fallthrough happens for all zones for which the plugin
|
||||
is authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then only
|
||||
queries for those zones will be subject to fallthrough.
|
||||
.IP \(bu 4
|
||||
\fB\fCignore empty_service\fR returns NXDOMAIN for services without any ready endpoint addresses (e.g., ready pods).
|
||||
This allows the querying pod to continue searching for the service in the search path.
|
||||
The search path could, for example, include another Kubernetes cluster.
|
||||
|
||||
|
||||
.PP
|
||||
Enabling zone transfer is done by using the \fItransfer\fP plugin.
|
||||
|
||||
.SH "READY"
|
||||
.PP
|
||||
This plugin reports readiness to the ready plugin. This will happen after it has synced to the
|
||||
Kubernetes API.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Handle all queries in the \fB\fCcluster.local\fR zone. Connect to Kubernetes in-cluster. Also handle all
|
||||
\fB\fCin-addr.arpa\fR \fB\fCPTR\fR requests for \fB\fC10.0.0.0/17\fR . Verify the existence of pods when answering pod
|
||||
requests.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
10.0.0.0/17 cluster.local {
|
||||
kubernetes {
|
||||
pods verified
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or you can selectively expose some namespaces:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
kubernetes cluster.local {
|
||||
namespaces test staging
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Connect to Kubernetes with CoreDNS running outside the cluster:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
kubernetes cluster.local {
|
||||
endpoint https://k8s\-endpoint:8443
|
||||
tls cert key cacert
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "STUBDOMAINS AND UPSTREAMNAMESERVERS"
|
||||
.PP
|
||||
Here we use the \fIforward\fP plugin to implement a stubDomain that forwards \fB\fCexample.local\fR to the nameserver \fB\fC10.100.0.10:53\fR.
|
||||
Also configured is an upstreamNameserver \fB\fC8.8.8.8:53\fR that will be used for resolving names that do not fall in \fB\fCcluster.local\fR
|
||||
or \fB\fCexample.local\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cluster.local:53 {
|
||||
kubernetes cluster.local
|
||||
}
|
||||
example.local {
|
||||
forward . 10.100.0.10:53
|
||||
}
|
||||
|
||||
\&. {
|
||||
forward . 8.8.8.8:53
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The configuration above represents the following Kube-DNS stubDomains and upstreamNameservers configuration.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
stubDomains: |
|
||||
{“example.local”: [“10.100.0.10:53”]}
|
||||
upstreamNameservers: |
|
||||
[“8.8.8.8:53”]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "AUTOPATH"
|
||||
.PP
|
||||
The \fIkubernetes\fP plugin can be used in conjunction with the \fIautopath\fP plugin. Using this
|
||||
feature enables server-side domain search path completion in Kubernetes clusters. Note: \fB\fCpods\fR must
|
||||
be set to \fB\fCverified\fR for this to function properly. Furthermore, the remote IP address in the DNS
|
||||
packet received by CoreDNS must be the IP address of the Pod that sent the request.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
cluster.local {
|
||||
autopath @kubernetes
|
||||
kubernetes {
|
||||
pods verified
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "WILDCARDS"
|
||||
.PP
|
||||
Some query labels accept a wildcard value to match any value. If a label is a valid wildcard (*,
|
||||
or the word "any"), then that label will match all values. The labels that accept wildcards are:
|
||||
|
||||
.IP \(bu 4
|
||||
\fIendpoint\fP in an \fB\fCA\fR record request: \fIendpoint\fP.service.namespace.svc.zone, e.g., \fB\fC*.nginx.ns.svc.cluster.local\fR
|
||||
.IP \(bu 4
|
||||
\fIservice\fP in an \fB\fCA\fR record request: \fIservice\fP.namespace.svc.zone, e.g., \fB\fC*.ns.svc.cluster.local\fR
|
||||
.IP \(bu 4
|
||||
\fInamespace\fP in an \fB\fCA\fR record request: service.\fInamespace\fP.svc.zone, e.g., \fB\fCnginx.*.svc.cluster.local\fR
|
||||
.IP \(bu 4
|
||||
\fIport and/or protocol\fP in an \fB\fCSRV\fR request: \fBport_.\fPprotocol_.service.namespace.svc.zone.,
|
||||
e.g., \fB\fC_http.*.service.ns.svc.cluster.local\fR
|
||||
.IP \(bu 4
|
||||
multiple wildcards are allowed in a single query, e.g., \fB\fCA\fR Request \fB\fC*.*.svc.zone.\fR or \fB\fCSRV\fR request \fB\fC*.*.*.*.svc.zone.\fR
|
||||
|
||||
|
||||
.PP
|
||||
For example, wildcards can be used to resolve all Endpoints for a Service as \fB\fCA\fR records. e.g.: \fB\fC*.service.ns.svc.myzone.local\fR will return the Endpoint IPs in the Service \fB\fCservice\fR in namespace \fB\fCdefault\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
*.service.default.svc.cluster.local. 5 IN A 192.168.10.10
|
||||
*.service.default.svc.cluster.local. 5 IN A 192.168.25.15
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "METADATA"
|
||||
.PP
|
||||
The kubernetes plugin will publish the following metadata, if the \fImetadata\fP
|
||||
plugin is also enabled:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/endpoint\fR: the endpoint name in the query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/kind\fR: the resource kind (pod or svc) in the query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/namespace\fR: the namespace in the query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/port-name\fR: the port name in an SRV query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/protocol\fR: the protocol in an SRV query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/service\fR: the service name in the query
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/client-namespace\fR: the client pod's namespace (see requirements below)
|
||||
.IP \(bu 4
|
||||
\fB\fCkubernetes/client-pod-name\fR: the client pod's name (see requirements below)
|
||||
|
||||
|
||||
.PP
|
||||
The \fB\fCkubernetes/client-namespace\fR and \fB\fCkubernetes/client-pod-name\fR metadata work by reconciling the
|
||||
client IP address in the DNS request packet to a known pod IP address. Therefore the following is required:
|
||||
* \fB\fCpods verified\fR mode must be enabled
|
||||
* the remote IP address in the DNS packet received by CoreDNS must be the IP address
|
||||
of the Pod that sent the request.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_kubernetes_dns_programming_duration_seconds{service_kind}\fR - Exports the
|
||||
DNS programming latency SLI
|
||||
\[la]https://github.com/kubernetes/community/blob/master/sig-scalability/slos/dns_programming_latency.md\[ra].
|
||||
The metrics has the \fB\fCservice_kind\fR label that identifies the kind of the
|
||||
kubernetes service
|
||||
\[la]https://kubernetes.io/docs/concepts/services-networking/service\[ra].
|
||||
It may take one of the three values:
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCcluster_ip\fR
|
||||
.IP \(en 4
|
||||
\fB\fCheadless_with_selector\fR
|
||||
.IP \(en 4
|
||||
\fB\fCheadless_without_selector\fR
|
||||
|
||||
.RE
|
||||
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
The duration metric only supports the "headless_with_selector" service currently.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See the \fIautopath\fP plugin to enable search path optimizations. And use the \fItransfer\fP plugin to
|
||||
enable outgoing zone transfers.
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-LOADBALANCE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIloadbalance\fP - randomizes the order of A, AAAA and MX records.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIloadbalance\fP will act as a round-robin DNS load balancer by randomizing the order of A, AAAA,
|
||||
and MX records in the answer.
|
||||
|
||||
.PP
|
||||
See Wikipedia
|
||||
\[la]https://en.wikipedia.org/wiki/Round-robin_DNS\[ra] about the pros and cons of this
|
||||
setup. It will take care to sort any CNAMEs before any address records, because some stub resolver
|
||||
implementations (like glibc) are particular about that.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
loadbalance [POLICY]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBPOLICY\fP is how to balance. The default, and only option, is "round_robin".
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Load balance replies coming back from Google Public DNS:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
loadbalance round\_robin
|
||||
forward . 8.8.8.8 8.8.4.4
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,67 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-LOCAL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIlocal\fP - respond to local names.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fIlocal\fP will respond with a basic reply to a "local request". Local request are defined to be
|
||||
names in the following zones: localhost, 0.in-addr.arpa, 127.in-addr.arpa and 255.in-addr.arpa \fIand\fP
|
||||
any query asking for \fB\fClocalhost.<domain>\fR. When seeing the latter a metric counter is increased and
|
||||
if \fIdebug\fP is enabled a debug log is emitted.
|
||||
|
||||
.PP
|
||||
With \fIlocal\fP enabled any query falling under these zones will get a reply. The prevents the query
|
||||
from "escaping" to the internet and putting strain on external infrastructure.
|
||||
|
||||
.PP
|
||||
The zones are mostly empty, only \fB\fClocalhost.\fR address records (A and AAAA) are defined and a
|
||||
\fB\fC1.0.0.127.in-addr.arpa.\fR reverse (PTR) record.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
local
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric is exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_local_localhost_requests_total{}\fR - a counter of the number of \fB\fClocalhost.<domain>\fR
|
||||
requests CoreDNS has seen. Note this does \fInot\fP count \fB\fClocalhost.\fR queries.
|
||||
|
||||
|
||||
.PP
|
||||
Note that this metric \fIdoes not\fP have a \fB\fCserver\fR label, because it's more interesting to find the
|
||||
client(s) performing these queries than to see which server handled it. You'll need to inspect the
|
||||
debug log to get the client IP address.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
local
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
Only the \fB\fCin-addr.arpa.\fR reverse zone is implemented, \fB\fCip6.arpa.\fR queries are not intercepted.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
BIND9's configuration in Debian comes with these zones preconfigured. See the \fIdebug\fP plugin for
|
||||
enabling debug logging.
|
||||
|
|
@ -1,249 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-LOG" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIlog\fP - enables query logging to standard output.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
By just using \fIlog\fP you dump all queries (and parts for the reply) on standard output. Options exist
|
||||
to tweak the output a little. Note that for busy servers logging will incur a performance hit.
|
||||
|
||||
.PP
|
||||
Enabling or disabling the \fIlog\fP plugin only affects the query logging, any other logging from
|
||||
CoreDNS will show up regardless.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
log
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
With no arguments, a query log entry is written to \fIstdout\fP in the common log format for all requests.
|
||||
Or if you want/need slightly more control:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
log [NAMES...] [FORMAT]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCNAMES\fR is the name list to match in order to be logged
|
||||
.IP \(bu 4
|
||||
\fB\fCFORMAT\fR is the log format to use (default is Common Log Format), \fB\fC{common}\fR is used as a shortcut
|
||||
for the Common Log Format. You can also use \fB\fC{combined}\fR for a format that adds the query opcode
|
||||
\fB\fC{>opcode}\fR to the Common Log Format.
|
||||
|
||||
|
||||
.PP
|
||||
You can further specify the classes of responses that get logged:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
log [NAMES...] [FORMAT] {
|
||||
class CLASSES...
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCCLASSES\fR is a space-separated list of classes of responses that should be logged
|
||||
|
||||
|
||||
.PP
|
||||
The classes of responses have the following meaning:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCsuccess\fR: successful response
|
||||
.IP \(bu 4
|
||||
\fB\fCdenial\fR: either NXDOMAIN or nodata responses (Name exists, type does not). A nodata response
|
||||
sets the return code to NOERROR.
|
||||
.IP \(bu 4
|
||||
\fB\fCerror\fR: SERVFAIL, NOTIMP, REFUSED, etc. Anything that indicates the remote server is not willing to
|
||||
resolve the request.
|
||||
.IP \(bu 4
|
||||
\fB\fCall\fR: the default - nothing is specified. Using of this class means that all messages will be
|
||||
logged whatever we mix together with "all".
|
||||
|
||||
|
||||
.PP
|
||||
If no class is specified, it defaults to \fB\fCall\fR.
|
||||
|
||||
.SH "LOG FORMAT"
|
||||
.PP
|
||||
You can specify a custom log format with any placeholder values. Log supports both request and
|
||||
response placeholders.
|
||||
|
||||
.PP
|
||||
The following place holders are supported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fC{type}\fR: qtype of the request
|
||||
.IP \(bu 4
|
||||
\fB\fC{name}\fR: qname of the request
|
||||
.IP \(bu 4
|
||||
\fB\fC{class}\fR: qclass of the request
|
||||
.IP \(bu 4
|
||||
\fB\fC{proto}\fR: protocol used (tcp or udp)
|
||||
.IP \(bu 4
|
||||
\fB\fC{remote}\fR: client's IP address, for IPv6 addresses these are enclosed in brackets: \fB\fC[::1]\fR
|
||||
.IP \(bu 4
|
||||
\fB\fC{local}\fR: server's IP address, for IPv6 addresses these are enclosed in brackets: \fB\fC[::1]\fR
|
||||
.IP \(bu 4
|
||||
\fB\fC{size}\fR: request size in bytes
|
||||
.IP \(bu 4
|
||||
\fB\fC{port}\fR: client's port
|
||||
.IP \(bu 4
|
||||
\fB\fC{duration}\fR: response duration
|
||||
.IP \(bu 4
|
||||
\fB\fC{rcode}\fR: response RCODE
|
||||
.IP \(bu 4
|
||||
\fB\fC{rsize}\fR: raw (uncompressed), response size (a client may receive a smaller response)
|
||||
.IP \(bu 4
|
||||
\fB\fC{>rflags}\fR: response flags, each set flag will be displayed, e.g. "aa, tc". This includes the qr
|
||||
bit as well
|
||||
.IP \(bu 4
|
||||
\fB\fC{>bufsize}\fR: the EDNS0 buffer size advertised in the query
|
||||
.IP \(bu 4
|
||||
\fB\fC{>do}\fR: is the EDNS0 DO (DNSSEC OK) bit set in the query
|
||||
.IP \(bu 4
|
||||
\fB\fC{>id}\fR: query ID
|
||||
.IP \(bu 4
|
||||
\fB\fC{>opcode}\fR: query OPCODE
|
||||
.IP \(bu 4
|
||||
\fB\fC{common}\fR: the default Common Log Format.
|
||||
.IP \(bu 4
|
||||
\fB\fC{combined}\fR: the Common Log Format with the query opcode.
|
||||
.IP \(bu 4
|
||||
\fB\fC{/LABEL}\fR: any metadata label is accepted as a place holder if it is enclosed between \fB\fC{/\fR and
|
||||
\fB\fC}\fR, the place holder will be replaced by the corresponding metadata value or the default value
|
||||
\fB\fC-\fR if label is not defined. See the \fImetadata\fP plugin for more information.
|
||||
|
||||
|
||||
.PP
|
||||
The default Common Log Format is:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
`{remote}:{port} \- {>id} "{type} {class} {name} {proto} {size} {>do} {>bufsize}" {rcode} {>rflags} {rsize} {duration}`
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Each of these logs will be outputted with \fB\fClog.Infof\fR, so a typical example looks like this:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
[INFO] [::1]:50759 \- 29008 "A IN example.org. udp 41 false 4096" NOERROR qr,rd,ra,ad 68 0.037990251s
|
||||
~~~~
|
||||
|
||||
## Examples
|
||||
|
||||
Log all requests to stdout
|
||||
|
||||
~~~ corefile
|
||||
\&. {
|
||||
log
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Custom log format, for all zones (\fB\fC.\fR)
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
log . "{proto} Request: {name} {type} {>id}"
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Only log denials (NXDOMAIN and nodata) for example.org (and below)
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
log example.org {
|
||||
class denial
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Log all queries which were not resolved successfully in the Combined Log Format.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
log . {combined} {
|
||||
class denial error
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Log all queries on which we did not get errors
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
log . {
|
||||
class denial success
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Also the multiple statements can be OR-ed, for example, we can rewrite the above case as following:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
log . {
|
||||
class denial
|
||||
class success
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,123 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-LOOP" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIloop\fP - detects simple forwarding loops and halts the server.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIloop\fP plugin will send a random probe query to ourselves and will then keep track of how many times
|
||||
we see it. If we see it more than twice, we assume CoreDNS has seen a forwarding loop and we halt the process.
|
||||
|
||||
.PP
|
||||
The plugin will try to send the query for up to 30 seconds. This is done to give CoreDNS enough time
|
||||
to start up. Once a query has been successfully sent, \fIloop\fP disables itself to prevent a query of
|
||||
death.
|
||||
|
||||
.PP
|
||||
The query sent is \fB\fC<random number>.<random number>.zone\fR with type set to HINFO.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
loop
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Start a server on the default port and load the \fIloop\fP and \fIforward\fP plugins. The \fIforward\fP plugin
|
||||
forwards to it self.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
loop
|
||||
forward . 127.0.0.1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
After CoreDNS has started it stops the process while logging:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
plugin/loop: Loop (127.0.0.1:55953 \-> :1053) detected for zone ".", see https://coredns.io/plugins/loop#troubleshooting. Query: "HINFO 4547991504243258144.3688648895315093531."
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "LIMITATIONS"
|
||||
.PP
|
||||
This plugin only attempts to find simple static forwarding loops at start up time. To detect a loop,
|
||||
the following must be true:
|
||||
|
||||
.IP \(bu 4
|
||||
the loop must be present at start up time.
|
||||
.IP \(bu 4
|
||||
the loop must occur for the \fB\fCHINFO\fR query type.
|
||||
|
||||
|
||||
.SH "TROUBLESHOOTING"
|
||||
.PP
|
||||
When CoreDNS logs contain the message \fB\fCLoop ... detected ...\fR, this means that the \fB\fCloop\fR detection
|
||||
plugin has detected an infinite forwarding loop in one of the upstream DNS servers. This is a fatal
|
||||
error because operating with an infinite loop will consume memory and CPU until eventual out of
|
||||
memory death by the host.
|
||||
|
||||
.PP
|
||||
A forwarding loop is usually caused by:
|
||||
|
||||
.IP \(bu 4
|
||||
Most commonly, CoreDNS forwarding requests directly to itself. e.g. via a loopback address such as \fB\fC127.0.0.1\fR, \fB\fC::1\fR or \fB\fC127.0.0.53\fR
|
||||
.IP \(bu 4
|
||||
Less commonly, CoreDNS forwarding to an upstream server that in turn, forwards requests back to CoreDNS.
|
||||
|
||||
|
||||
.PP
|
||||
To troubleshoot this problem, look in your Corefile for any \fB\fCforward\fRs to the zone
|
||||
in which the loop was detected. Make sure that they are not forwarding to a local address or
|
||||
to another DNS server that is forwarding requests back to CoreDNS. If \fB\fCforward\fR is
|
||||
using a file (e.g. \fB\fC/etc/resolv.conf\fR), make sure that file does not contain local addresses.
|
||||
|
||||
.SS "TROUBLESHOOTING LOOPS IN KUBERNETES CLUSTERS"
|
||||
.PP
|
||||
When a CoreDNS Pod deployed in Kubernetes detects a loop, the CoreDNS Pod will start to "CrashLoopBackOff".
|
||||
This is because Kubernetes will try to restart the Pod every time CoreDNS detects the loop and exits.
|
||||
|
||||
.PP
|
||||
A common cause of forwarding loops in Kubernetes clusters is an interaction with a local DNS cache
|
||||
on the host node (e.g. \fB\fCsystemd-resolved\fR). For example, in certain configurations \fB\fCsystemd-resolved\fR will
|
||||
put the loopback address \fB\fC127.0.0.53\fR as a nameserver into \fB\fC/etc/resolv.conf\fR. Kubernetes (via \fB\fCkubelet\fR) by default
|
||||
will pass this \fB\fC/etc/resolv.conf\fR file to all Pods using the \fB\fCdefault\fR dnsPolicy rendering them
|
||||
unable to make DNS lookups (this includes CoreDNS Pods). CoreDNS uses this \fB\fC/etc/resolv.conf\fR
|
||||
as a list of upstreams to forward requests to. Since it contains a loopback address, CoreDNS ends up forwarding
|
||||
requests to itself.
|
||||
|
||||
.PP
|
||||
There are many ways to work around this issue, some are listed here:
|
||||
|
||||
.IP \(bu 4
|
||||
Add the following to your \fB\fCkubelet\fR config yaml: \fB\fCresolvConf: <path-to-your-real-resolv-conf-file>\fR (or via command line flag \fB\fC--resolv-conf\fR deprecated in 1.10). Your "real"
|
||||
\fB\fCresolv.conf\fR is the one that contains the actual IPs of your upstream servers, and no local/loopback address.
|
||||
This flag tells \fB\fCkubelet\fR to pass an alternate \fB\fCresolv.conf\fR to Pods. For systems using \fB\fCsystemd-resolved\fR,
|
||||
\fB\fC/run/systemd/resolve/resolv.conf\fR is typically the location of the "real" \fB\fCresolv.conf\fR,
|
||||
although this can be different depending on your distribution.
|
||||
.IP \(bu 4
|
||||
Disable the local DNS cache on host nodes, and restore \fB\fC/etc/resolv.conf\fR to the original.
|
||||
.IP \(bu 4
|
||||
A quick and dirty fix is to edit your Corefile, replacing \fB\fCforward . /etc/resolv.conf\fR with
|
||||
the IP address of your upstream DNS, for example \fB\fCforward . 8.8.8.8\fR. But this only fixes the issue for CoreDNS,
|
||||
kubelet will continue to forward the invalid \fB\fCresolv.conf\fR to all \fB\fCdefault\fR dnsPolicy Pods, leaving them unable to resolve DNS.
|
||||
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-METADATA" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fImetadata\fP - enables a metadata collector.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
By enabling \fImetadata\fP any plugin that implements metadata.Provider
|
||||
interface
|
||||
\[la]https://godoc.org/github.com/coredns/coredns/plugin/metadata#Provider\[ra] will be called for
|
||||
each DNS query, at the beginning of the process for that query, in order to add its own metadata to
|
||||
context.
|
||||
|
||||
.PP
|
||||
The metadata collected will be available for all plugins, via the Context parameter provided in the
|
||||
ServeDNS function. The package (code) documentation has examples on how to inspect and retrieve
|
||||
metadata a plugin might be interested in.
|
||||
|
||||
.PP
|
||||
The metadata is added by setting a label with a value in the context. These labels should be named
|
||||
\fB\fCplugin/NAME\fR, where \fBNAME\fP is something descriptive. The only hard requirement the \fImetadata\fP
|
||||
plugin enforces is that the labels contain a slash. See the documentation for
|
||||
\fB\fCmetadata.SetValueFunc\fR.
|
||||
|
||||
.PP
|
||||
The value stored is a string. The empty string signals "no metadata". See the documentation for
|
||||
\fB\fCmetadata.ValueFunc\fR on how to retrieve this.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
metadata [ZONES... ]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones metadata should be invoked for.
|
||||
|
||||
|
||||
.SH "PLUGINS"
|
||||
.PP
|
||||
\fB\fCmetadata.Provider\fR interface needs to be implemented by each plugin willing to provide metadata
|
||||
information for other plugins. It will be called by metadata and gather the information from all
|
||||
plugins in context.
|
||||
|
||||
.PP
|
||||
Note: this method should work quickly, because it is called for every request.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
The \fIrewrite\fP plugin uses meta data to rewrite requests.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The Provider interface
|
||||
\[la]https://godoc.org/github.com/coredns/coredns/plugin/metadata#Provider\[ra] and
|
||||
the package level
|
||||
\[la]https://godoc.org/github.com/coredns/coredns/plugin/metadata\[ra] documentation.
|
||||
|
|
@ -1,116 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-METRICS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIprometheus\fP - enables Prometheus
|
||||
\[la]https://prometheus.io/\[ra] metrics.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fIprometheus\fP you export metrics from CoreDNS and any plugin that has them.
|
||||
The default location for the metrics is \fB\fClocalhost:9153\fR. The metrics path is fixed to \fB\fC/metrics\fR.
|
||||
The following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_build_info{version, revision, goversion}\fR - info about CoreDNS itself.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_panics_total{}\fR - total number of panics.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_requests_total{server, zone, proto, family, type}\fR - total query count.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_request_duration_seconds{server, zone, type}\fR - duration to process each query.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_request_size_bytes{server, zone, proto}\fR - size of the request in bytes.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_do_requests_total{server, zone}\fR - queries that have the DO bit set
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_response_size_bytes{server, zone, proto}\fR - response size in bytes.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_dns_responses_total{server, zone, rcode}\fR - response per zone and rcode.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_plugin_enabled{server, zone, name}\fR - indicates whether a plugin is enabled on per server and zone basis.
|
||||
|
||||
|
||||
.PP
|
||||
Each counter has a label \fB\fCzone\fR which is the zonename used for the request/response.
|
||||
|
||||
.PP
|
||||
Extra labels used are:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCserver\fR is identifying the server responsible for the request. This is a string formatted
|
||||
as the server's listening address: \fB\fC<scheme>://[<bind>]:<port>\fR. I.e. for a "normal" DNS server
|
||||
this is \fB\fCdns://:53\fR. If you are using the \fIbind\fP plugin an IP address is included, e.g.: \fB\fCdns://127.0.0.53:53\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCproto\fR which holds the transport of the response ("udp" or "tcp")
|
||||
.IP \(bu 4
|
||||
The address family (\fB\fCfamily\fR) of the transport (1 = IP (IP version 4), 2 = IP6 (IP version 6)).
|
||||
.IP \(bu 4
|
||||
\fB\fCtype\fR which holds the query type. It holds most common types (A, AAAA, MX, SOA, CNAME, PTR, TXT,
|
||||
NS, SRV, DS, DNSKEY, RRSIG, NSEC, NSEC3, IXFR, AXFR and ANY) and "other" which lumps together all
|
||||
other types.
|
||||
|
||||
|
||||
.PP
|
||||
If monitoring is enabled, queries that do not enter the plugin chain are exported under the fake
|
||||
name "dropped" (without a closing dot - this is never a valid domain name).
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
prometheus [ADDRESS]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
For each zone that you want to see metrics for.
|
||||
|
||||
.PP
|
||||
It optionally takes a bind address to which the metrics are exported; the default
|
||||
listens on \fB\fClocalhost:9153\fR. The metrics path is fixed to \fB\fC/metrics\fR.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Use an alternative listening address:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
prometheus localhost:9253
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or via an environment variable (this is supported throughout the Corefile): \fB\fCexport PORT=9253\fR, and
|
||||
then:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
prometheus localhost:{$PORT}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
When reloading, the Prometheus handler is stopped before the new server instance is started.
|
||||
If that new server fails to start, then the initial server instance is still available and DNS queries still served,
|
||||
but Prometheus handler stays down.
|
||||
Prometheus will not reply HTTP request until a successful reload or a complete restart of CoreDNS.
|
||||
Only the plugins that register as Handler are visible in \fB\fCcoredns_plugin_enabled{server, zone, name}\fR. As of today the plugins reload and bind will not be reported.
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-MINIMAL" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIminimal\fP - minimizes size of the DNS response message whenever possible.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIminimal\fP plugin tries to minimize the size of the response. Depending on the response type it
|
||||
removes resource records from the AUTHORITY and ADDITIONAL sections.
|
||||
|
||||
.PP
|
||||
Specifically this plugin looks at successful responses (this excludes negative responses, i.e.
|
||||
nodata or name error). If the successful response isn't a delegation only the RRs in the answer
|
||||
section are written to the client.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
minimal
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable minimal responses:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
forward . 8.8.8.8
|
||||
minimal
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
BIND 9 Configuration Reference
|
||||
\[la]https://bind9.readthedocs.io/en/latest/reference.html#boolean-options\[ra]
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-NSID" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fInsid\fP - adds an identifier of this server to each reply.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This plugin implements RFC 5001
|
||||
\[la]https://tools.ietf.org/html/rfc5001\[ra] and adds an EDNS0 OPT
|
||||
resource record to replies that uniquely identify the server. This is useful in anycast setups to
|
||||
see which server was responsible for generating the reply and for debugging.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
nsid [DATA]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fBDATA\fP is the string to use in the nsid record.
|
||||
|
||||
.PP
|
||||
If \fBDATA\fP is not given, the host's name is used.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable nsid:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
nsid Use The Force
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
And now a client with NSID support will see an OPT record with the NSID option:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
% dig +nsid @localhost a whoami.example.org
|
||||
|
||||
;; Got answer:
|
||||
;; \->>HEADER<<\- opcode: QUERY, status: NOERROR, id: 46880
|
||||
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 3
|
||||
|
||||
\&....
|
||||
|
||||
; OPT PSEUDOSECTION:
|
||||
; EDNS: version: 0, flags:; udp: 4096
|
||||
; NSID: 55 73 65 20 54 68 65 20 46 6f 72 63 65 ("Use The Force")
|
||||
;; QUESTION SECTION:
|
||||
;whoami.example.org. IN A
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
RFC 5001
|
||||
\[la]https://tools.ietf.org/html/rfc5001\[ra]
|
||||
|
|
@ -1,115 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-PPROF" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIpprof\fP - publishes runtime profiling data at endpoints under \fB\fC/debug/pprof\fR.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
You can visit \fB\fC/debug/pprof\fR on your site for an index of the available endpoints. By default it
|
||||
will listen on localhost:6053.
|
||||
|
||||
.PP
|
||||
This is a debugging tool. Certain requests (such as collecting execution traces) can be slow. If
|
||||
you use pprof on a live server, consider restricting access or enabling it only temporarily.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
pprof [ADDRESS]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Optionally pprof takes an address; the default is \fB\fClocalhost:6053\fR.
|
||||
|
||||
.PP
|
||||
An extra option can be set with this extended syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
pprof [ADDRESS] {
|
||||
block [RATE]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCblock\fR option enables block profiling, \fBRATE\fP defaults to 1. \fBRATE\fP must be a positive value.
|
||||
See Diagnostics, chapter profiling
|
||||
\[la]https://golang.org/doc/diagnostics.html\[ra] and
|
||||
runtime.SetBlockProfileRate
|
||||
\[la]https://golang.org/pkg/runtime/#SetBlockProfileRate\[ra] for what block
|
||||
profiling entails.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable a pprof endpoint:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
pprof
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
And use the pprof tool to get statistics: \fB\fCgo tool pprof http://localhost:6053\fR.
|
||||
|
||||
.PP
|
||||
Listen on an alternate address:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
pprof 10.9.8.7:6060
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Listen on an all addresses on port 6060, and enable block profiling
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
pprof :6060 {
|
||||
block
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See Go's pprof documentation
|
||||
\[la]https://golang.org/pkg/net/http/pprof/\[ra] and Profiling Go
|
||||
Programs
|
||||
\[la]https://blog.golang.org/profiling-go-programs\[ra].
|
||||
|
||||
.PP
|
||||
See runtime.SetBlockProfileRate
|
||||
\[la]https://golang.org/pkg/runtime/#SetBlockProfileRate\[ra] for
|
||||
background on block profiling.
|
||||
|
|
@ -1,77 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-READY" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIready\fP - enables a readiness check HTTP endpoint.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
By enabling \fIready\fP an HTTP endpoint on port 8181 will return 200 OK, when all plugins that are able
|
||||
to signal readiness have done so. If some are not ready yet the endpoint will return a 503 with the
|
||||
body containing the list of plugins that are not ready. Once a plugin has signaled it is ready it
|
||||
will not be queried again.
|
||||
|
||||
.PP
|
||||
Each Server Block that enables the \fIready\fP plugin will have the plugins \fIin that server block\fP
|
||||
report readiness into the /ready endpoint that runs on the same port. This also means that the
|
||||
\fIsame\fP plugin with different configurations (in potentially \fIdifferent\fP Server Blocks) will have
|
||||
their readiness reported as the union of their respective readinesses.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
ready [ADDRESS]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fIready\fP optionally takes an address; the default is \fB\fC:8181\fR. The path is fixed to \fB\fC/ready\fR. The
|
||||
readiness endpoint returns a 200 response code and the word "OK" when this server is ready. It
|
||||
returns a 503 otherwise \fIand\fP the list of plugins that are not ready.
|
||||
|
||||
.SH "PLUGINS"
|
||||
.PP
|
||||
Any plugin wanting to signal readiness will need to implement the \fB\fCready.Readiness\fR interface by
|
||||
implementing a method \fB\fCReady() bool\fR that returns true when the plugin is ready and false otherwise.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Let \fIready\fP report readiness for both the \fB\fC.\fR and \fB\fCexample.org\fR servers (assuming the \fIwhois\fP
|
||||
plugin also exports readiness):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
ready
|
||||
erratic
|
||||
}
|
||||
|
||||
example.org {
|
||||
ready
|
||||
whoami
|
||||
}
|
||||
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Run \fIready\fP on a different port.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
ready localhost:8091
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,152 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-RELOAD" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIreload\fP - allows automatic reload of a changed Corefile.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This plugin allows automatic reload of a changed \fICorefile\fP.
|
||||
To enable automatic reloading of \fIzone file\fP changes, use the \fB\fCauto\fR plugin.
|
||||
|
||||
.PP
|
||||
This plugin periodically checks if the Corefile has changed by reading
|
||||
it and calculating its MD5 checksum. If the file has changed, it reloads
|
||||
CoreDNS with the new Corefile. This eliminates the need to send a SIGHUP
|
||||
or SIGUSR1 after changing the Corefile.
|
||||
|
||||
.PP
|
||||
The reloads are graceful - you should not see any loss of service when the
|
||||
reload happens. Even if the new Corefile has an error, CoreDNS will continue
|
||||
to run the old config and an error message will be printed to the log. But see
|
||||
the Bugs section for failure modes.
|
||||
|
||||
.PP
|
||||
In some environments (for example, Kubernetes), there may be many CoreDNS
|
||||
instances that started very near the same time and all share a common
|
||||
Corefile. To prevent these all from reloading at the same time, some
|
||||
jitter is added to the reload check interval. This is jitter from the
|
||||
perspective of multiple CoreDNS instances; each instance still checks on a
|
||||
regular interval, but all of these instances will have their reloads spread
|
||||
out across the jitter duration. This isn't strictly necessary given that the
|
||||
reloads are graceful, and can be disabled by setting the jitter to \fB\fC0s\fR.
|
||||
|
||||
.PP
|
||||
Jitter is re-calculated whenever the Corefile is reloaded.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
reload [INTERVAL] [JITTER]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The plugin will check for changes every \fBINTERVAL\fP, subject to +/- the \fBJITTER\fP duration.
|
||||
|
||||
.IP \(bu 4
|
||||
\fBINTERVAL\fP and \fBJITTER\fP are Golang durations
|
||||
\[la]https://golang.org/pkg/time/#ParseDuration\[ra].
|
||||
The default \fBINTERVAL\fP is 30s, default \fBJITTER\fP is 15s, the minimal value for \fBINTERVAL\fP
|
||||
is 2s, and for \fBJITTER\fP it is 1s. If \fBJITTER\fP is more than half of \fBINTERVAL\fP, it will be
|
||||
set to half of \fBINTERVAL\fP
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Check with the default intervals:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
reload
|
||||
erratic
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Check every 10 seconds (jitter is automatically set to 10 / 2 = 5 in this case):
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
reload 10s
|
||||
erratic
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
The reload happens without data loss (i.e. DNS queries keep flowing), but there is a corner case
|
||||
where the reload fails, and you loose functionality. Consider the following Corefile:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
health :8080
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
CoreDNS starts and serves health from :8080. Now you change \fB\fC:8080\fR to \fB\fC:443\fR not knowing a process
|
||||
is already listening on that port. The process reloads and performs the following steps:
|
||||
|
||||
.IP 1\. 4
|
||||
close the listener on 8080
|
||||
.IP 2\. 4
|
||||
reload and parse the config again
|
||||
.IP 3\. 4
|
||||
fail to start a new listener on 443
|
||||
.IP 4\. 4
|
||||
fail loading the new Corefile, abort and keep using the old process
|
||||
|
||||
|
||||
.PP
|
||||
After the aborted attempt to reload we are left with the old processes running, but the listener is
|
||||
closed in step 1; so the health endpoint is broken. The same can happen in the prometheus plugin.
|
||||
|
||||
.PP
|
||||
In general be careful with assigning new port and expecting reload to work fully.
|
||||
|
||||
.PP
|
||||
In CoreDNS v1.6.0 and earlier any \fB\fCimport\fR statements are not discovered by this plugin.
|
||||
This means if any of these imported files changes the \fIreload\fP plugin is ignorant of that fact.
|
||||
CoreDNS v1.7.0 and later does parse the Corefile and supports detecting changes in imported files.
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metric is exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_reload_failed_total{}\fR - counts the number of failed reload attempts.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_reload_version_info{hash, value}\fR - record the hash value during reload.
|
||||
|
||||
|
||||
.PP
|
||||
Currently the type of \fB\fChash\fR is "md5", the \fB\fCvalue\fR is the returned hash value.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See coredns-import(7) and corefile(5).
|
||||
|
|
@ -1,470 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-REWRITE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIrewrite\fP - performs internal message rewriting.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
Rewrites are invisible to the client. There are simple rewrites (fast) and complex rewrites
|
||||
(slower), but they're powerful enough to accommodate most dynamic back-end applications.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
A simplified/easy-to-digest syntax for \fIrewrite\fP is...
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] FIELD [FROM TO|FROM TTL]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBFIELD\fP indicates what part of the request/response is being re-written.
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
\fB\fCtype\fR - the type field of the request will be rewritten. FROM/TO must be a DNS record type (\fB\fCA\fR, \fB\fCMX\fR, etc.);
|
||||
e.g., to rewrite ANY queries to HINFO, use \fB\fCrewrite type ANY HINFO\fR.
|
||||
.IP \(en 4
|
||||
\fB\fCclass\fR - the class of the message will be rewritten. FROM/TO must be a DNS class type (\fB\fCIN\fR, \fB\fCCH\fR, or \fB\fCHS\fR); e.g., to rewrite CH queries to IN use \fB\fCrewrite class CH IN\fR.
|
||||
.IP \(en 4
|
||||
\fB\fCname\fR - the query name in the \fIrequest\fP is rewritten; by default this is a full match of the
|
||||
name, e.g., \fB\fCrewrite name example.net example.org\fR. Other match types are supported, see the \fBName Field Rewrites\fP section below.
|
||||
.IP \(en 4
|
||||
\fB\fCanswer name\fR - the query name in the \fIresponse\fP is rewritten. This option has special restrictions and requirements, in particular it must always combined with a \fB\fCname\fR rewrite. See below in the \fBResponse Rewrites\fP section.
|
||||
.IP \(en 4
|
||||
\fB\fCedns0\fR - an EDNS0 option can be appended to the request as described below in the \fBEDNS0 Options\fP section.
|
||||
.IP \(en 4
|
||||
\fB\fCttl\fR - the TTL value in the \fIresponse\fP is rewritten.
|
||||
|
||||
.RE
|
||||
.IP \(bu 4
|
||||
\fBFROM\fP is the name (exact, suffix, prefix, substring, or regex) or type to match
|
||||
.IP \(bu 4
|
||||
\fBTO\fP is the destination name or type to rewrite to
|
||||
.IP \(bu 4
|
||||
\fBTTL\fP is the number of seconds to set the TTL value to
|
||||
|
||||
|
||||
.PP
|
||||
If you specify multiple rules and an incoming query matches multiple rules, the rewrite
|
||||
will behave as follows:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcontinue\fR will continue applying the next rule in the rule list.
|
||||
.IP \(bu 4
|
||||
\fB\fCstop\fR will consider the current rule the last rule and will not continue. The default behaviour is \fB\fCstop\fR
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.SS "NAME FIELD REWRITES"
|
||||
.PP
|
||||
The \fB\fCrewrite\fR plugin offers the ability to match the name in the question section of
|
||||
a DNS request. The match could be exact, a substring match, or based on a prefix, suffix, or regular
|
||||
expression. If the newly used name is not a legal domain name, the plugin returns an error to the
|
||||
client.
|
||||
|
||||
.PP
|
||||
The syntax for name rewriting is as follows:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] name [exact|prefix|suffix|substring|regex] STRING STRING
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The match type, e.g., \fB\fCexact\fR, \fB\fCsubstring\fR, etc., triggers rewrite:
|
||||
|
||||
.IP \(bu 4
|
||||
\fBexact\fP (default): on an exact match of the name in the question section of a request
|
||||
.IP \(bu 4
|
||||
\fBsubstring\fP: on a partial match of the name in the question section of a request
|
||||
.IP \(bu 4
|
||||
\fBprefix\fP: when the name begins with the matching string
|
||||
.IP \(bu 4
|
||||
\fBsuffix\fP: when the name ends with the matching string
|
||||
.IP \(bu 4
|
||||
\fBregex\fP: when the name in the question section of a request matches a regular expression
|
||||
|
||||
|
||||
.PP
|
||||
If the match type is omitted, the \fB\fCexact\fR match type is assumed.
|
||||
|
||||
.PP
|
||||
The following instruction allows rewriting names in the query that
|
||||
contain the substring \fB\fCservice.us-west-1.example.org\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite name substring service.us\-west\-1.example.org service.us\-west\-1.consul
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Thus:
|
||||
|
||||
.IP \(bu 4
|
||||
Incoming Request Name: \fB\fCftp.service.us-west-1.example.org\fR
|
||||
.IP \(bu 4
|
||||
Rewritten Request Name: \fB\fCftp.service.us-west-1.consul\fR
|
||||
|
||||
|
||||
.PP
|
||||
The following instruction uses regular expressions. Names in requests
|
||||
matching the regular expression \fB\fC(.*)-(us-west-1)\.example\.org\fR are replaced with
|
||||
\fB\fC{1}.service.{2}.consul\fR, where \fB\fC{1}\fR and \fB\fC{2}\fR are regular expression match groups.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite name regex (.*)\-(us\-west\-1)\\.example\\.org {1}.service.{2}.consul
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Thus:
|
||||
|
||||
.IP \(bu 4
|
||||
Incoming Request Name: \fB\fCftp-us-west-1.example.org\fR
|
||||
.IP \(bu 4
|
||||
Rewritten Request Name: \fB\fCftp.service.us-west-1.consul\fR
|
||||
|
||||
|
||||
.PP
|
||||
The following example rewrites the \fB\fCschmoogle.com\fR suffix to \fB\fCgoogle.com\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite name suffix .schmoogle.com. .google.com.
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "RESPONSE REWRITES"
|
||||
.PP
|
||||
When rewriting incoming DNS requests' names, CoreDNS re-writes the \fB\fCQUESTION SECTION\fR
|
||||
section of the requests. It may be necessary to rewrite the \fB\fCANSWER SECTION\fR of the
|
||||
requests, because some DNS resolvers treat mismatches between the \fB\fCQUESTION SECTION\fR
|
||||
and \fB\fCANSWER SECTION\fR as a man-in-the-middle attack (MITM).
|
||||
|
||||
.PP
|
||||
For example, a user tries to resolve \fB\fCftp-us-west-1.coredns.rocks\fR. The
|
||||
CoreDNS configuration file has the following rule:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite name regex (.*)\-(us\-west\-1)\\.coredns\\.rocks {1}.service.{2}.consul
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
CoreDNS rewrote the request from \fB\fCftp-us-west-1.coredns.rocks\fR to
|
||||
\fB\fCftp.service.us-west-1.consul\fR and ultimately resolved it to 3 records.
|
||||
The resolved records, in the \fB\fCANSWER SECTION\fR below, were not from \fB\fCcoredns.rocks\fR, but
|
||||
rather from \fB\fCservice.us-west-1.consul\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ dig @10.1.1.1 ftp\-us\-west\-1.coredns.rocks
|
||||
|
||||
;; QUESTION SECTION:
|
||||
;ftp\-us\-west\-1.coredns.rocks. IN A
|
||||
|
||||
;; ANSWER SECTION:
|
||||
ftp.service.us\-west\-1.consul. 0 IN A 10.10.10.10
|
||||
ftp.service.us\-west\-1.consul. 0 IN A 10.20.20.20
|
||||
ftp.service.us\-west\-1.consul. 0 IN A 10.30.30.30
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The above is a mismatch between the question asked and the answer provided.
|
||||
|
||||
.PP
|
||||
The following configuration snippet allows for rewriting of the
|
||||
\fB\fCANSWER SECTION\fR, provided that the \fB\fCQUESTION SECTION\fR was rewritten:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite stop {
|
||||
name regex (.*)\-(us\-west\-1)\\.coredns\\.rocks {1}.service.{2}.consul
|
||||
answer name (.*)\\.service\\.(us\-west\-1)\\.consul {1}\-{2}.coredns.rocks
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Now, the \fB\fCANSWER SECTION\fR matches the \fB\fCQUESTION SECTION\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
$ dig @10.1.1.1 ftp\-us\-west\-1.coredns.rocks
|
||||
|
||||
;; QUESTION SECTION:
|
||||
;ftp\-us\-west\-1.coredns.rocks. IN A
|
||||
|
||||
;; ANSWER SECTION:
|
||||
ftp\-us\-west\-1.coredns.rocks. 0 IN A 10.10.10.10
|
||||
ftp\-us\-west\-1.coredns.rocks. 0 IN A 10.20.20.20
|
||||
ftp\-us\-west\-1.coredns.rocks. 0 IN A 10.30.30.30
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
It is also possible to rewrite other values returned in the DNS response records
|
||||
(e.g. the server names returned in \fB\fCSRV\fR and \fB\fCMX\fR records). This can be enabled by adding
|
||||
the \fB\fCanswer value\fR to a name regex rule as specified below. \fB\fCanswer value\fR takes a
|
||||
regular expression and a rewrite name as parameters and works in the same way as the
|
||||
\fB\fCanswer name\fR rule.
|
||||
|
||||
.PP
|
||||
Note that names in the \fB\fCAUTHORITY SECTION\fR and \fB\fCADDITIONAL SECTION\fR will also be
|
||||
rewritten following the specified rules. The names returned by the following
|
||||
record types: \fB\fCCNAME\fR, \fB\fCDNAME\fR, \fB\fCSOA\fR, \fB\fCSRV\fR, \fB\fCMX\fR, \fB\fCNAPTR\fR, \fB\fCNS\fR will be rewritten
|
||||
if the \fB\fCanswer value\fR rule is specified.
|
||||
|
||||
.PP
|
||||
The syntax for the rewrite of DNS request and response is as follows:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] {
|
||||
name regex STRING STRING
|
||||
answer name STRING STRING
|
||||
[answer value STRING STRING]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Note that the above syntax is strict. For response rewrites, only \fB\fCname\fR
|
||||
rules are allowed to match the question section, and only by match type
|
||||
\fB\fCregex\fR. The answer rewrite must be after the name, as in the
|
||||
syntax example.
|
||||
|
||||
.PP
|
||||
An alternate syntax for rewriting a DNS request and response is as
|
||||
follows:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] name regex STRING STRING answer name STRING STRING [answer value STRING STRING]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
When using \fB\fCexact\fR name rewrite rules, the answer gets rewritten automatically,
|
||||
and there is no need to define \fB\fCanswer name\fR. The rule below
|
||||
rewrites the name in a request from \fB\fCRED\fR to \fB\fCBLUE\fR, and subsequently
|
||||
rewrites the name in a corresponding response from \fB\fCBLUE\fR to \fB\fCRED\fR. The
|
||||
client in the request would see only \fB\fCRED\fR and no \fB\fCBLUE\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] name exact RED BLUE
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "TTL FIELD REWRITES"
|
||||
.PP
|
||||
At times, the need to rewrite a TTL value could arise. For example, a DNS server
|
||||
may not cache records with a TTL of zero (\fB\fC0\fR). An administrator
|
||||
may want to increase the TTL to ensure it is cached, e.g., by increasing it to 15 seconds.
|
||||
|
||||
.PP
|
||||
In the below example, the TTL in the answers for \fB\fCcoredns.rocks\fR domain are
|
||||
being set to \fB\fC15\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite continue {
|
||||
ttl regex (.*)\\.coredns\\.rocks 15
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
By the same token, an administrator may use this feature to prevent or limit caching by
|
||||
setting the TTL value really low.
|
||||
|
||||
.PP
|
||||
The syntax for the TTL rewrite rule is as follows. The meaning of
|
||||
\fB\fCexact|prefix|suffix|substring|regex\fR is the same as with the name rewrite rules.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] ttl [exact|prefix|suffix|substring|regex] STRING SECONDS
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EDNS0 OPTIONS"
|
||||
.PP
|
||||
Using the FIELD edns0, you can set, append, or replace specific EDNS0 options in the request.
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCreplace\fR will modify any "matching" option with the specified option. The criteria for "matching" varies based on EDNS0 type.
|
||||
.IP \(bu 4
|
||||
\fB\fCappend\fR will add the option only if no matching option exists
|
||||
.IP \(bu 4
|
||||
\fB\fCset\fR will modify a matching option or add one if none is found
|
||||
|
||||
|
||||
.PP
|
||||
Currently supported are \fB\fCEDNS0_LOCAL\fR, \fB\fCEDNS0_NSID\fR and \fB\fCEDNS0_SUBNET\fR.
|
||||
|
||||
.SS "EDNS0_LOCAL"
|
||||
.PP
|
||||
This has two fields, code and data. A match is defined as having the same code. Data may be a string or a variable.
|
||||
|
||||
.IP \(bu 4
|
||||
A string data is treated as hex if it starts with \fB\fC0x\fR. Example:
|
||||
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
rewrite edns0 local set 0xffee 0x61626364
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
rewrites the first local option with code 0xffee, setting the data to "abcd". This is equivalent to:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
rewrite edns0 local set 0xffee abcd
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
A variable data is specified with a pair of curly brackets \fB\fC{}\fR. Following are the supported variables:
|
||||
{qname}, {qtype}, {client\fIip}, {client\fPport}, {protocol}, {server\fIip}, {server\fPport}.
|
||||
.IP \(bu 4
|
||||
If the metadata plugin is enabled, then labels are supported as variables if they are presented within curly brackets.
|
||||
The variable data will be replaced with the value associated with that label. If that label is not provided,
|
||||
the variable will be silently substituted with an empty string.
|
||||
|
||||
|
||||
.PP
|
||||
Examples:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite edns0 local set 0xffee {client\_ip}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The following example uses metadata and an imaginary "some-plugin" that would provide "some-label" as metadata information.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
metadata
|
||||
some\-plugin
|
||||
rewrite edns0 local set 0xffee {some\-plugin/some\-label}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "EDNS0_NSID"
|
||||
.PP
|
||||
This has no fields; it will add an NSID option with an empty string for the NSID. If the option already exists
|
||||
and the action is \fB\fCreplace\fR or \fB\fCset\fR, then the NSID in the option will be set to the empty string.
|
||||
|
||||
.SS "EDNS0_SUBNET"
|
||||
.PP
|
||||
This has two fields, IPv4 bitmask length and IPv6 bitmask length. The bitmask
|
||||
length is used to extract the client subnet from the source IP address in the query.
|
||||
|
||||
.PP
|
||||
Example:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite edns0 subnet set 24 56
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
If the query's source IP address is an IPv4 address, the first 24 bits in the IP will be the network subnet.
|
||||
.IP \(bu 4
|
||||
If the query's source IP address is an IPv6 address, the first 56 bits in the IP will be the network subnet.
|
||||
|
||||
|
||||
.SH "FULL SYNTAX"
|
||||
.PP
|
||||
The full plugin usage syntax is harder to digest...
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
rewrite [continue|stop] {type|class|edns0|name [exact|prefix|suffix|substring|regex [FROM TO answer name]]} FROM TO
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The syntax above doesn't cover the multi-line block option for specifying a name request+response rewrite rule described in the \fBResponse Rewrite\fP section.
|
||||
|
|
@ -1,43 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ROOT" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIroot\fP - simply specifies the root of where to find (zone) files.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The default root is the current working directory of CoreDNS. The \fIroot\fP plugin allows you to change
|
||||
this. A relative root path is relative to the current working directory.
|
||||
|
||||
.PP
|
||||
This plugin can only be used once per Server Block.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
root PATH
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
\fBPATH\fP is the directory to set as CoreDNS' root.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Serve zone data (when the \fIfile\fP plugin is used) from \fB\fC/etc/coredns/zones\fR:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
root /etc/coredns/zones
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,142 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-ROUTE53" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIroute53\fP - enables serving zone data from AWS route53.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The route53 plugin is useful for serving zones from resource record
|
||||
sets in AWS route53. This plugin supports all Amazon Route 53 records
|
||||
(https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html
|
||||
\[la]https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html\[ra]).
|
||||
The route53 plugin can be used when coredns is deployed on AWS or elsewhere.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
route53 [ZONE:HOSTED\_ZONE\_ID...] {
|
||||
aws\_access\_key [AWS\_ACCESS\_KEY\_ID AWS\_SECRET\_ACCESS\_KEY]
|
||||
credentials PROFILE [FILENAME]
|
||||
fallthrough [ZONES...]
|
||||
refresh DURATION
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONE\fP the name of the domain to be accessed. When there are multiple zones with overlapping
|
||||
domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
|
||||
Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
|
||||
.IP \(bu 4
|
||||
\fBHOSTED_ZONE_ID\fP the ID of the hosted zone that contains the resource record sets to be
|
||||
accessed.
|
||||
.IP \(bu 4
|
||||
\fBAWS_ACCESS_KEY_ID\fP and \fBAWS_SECRET_ACCESS_KEY\fP the AWS access key ID and secret access key
|
||||
to be used when query AWS (optional). If they are not provided, then coredns tries to access
|
||||
AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
|
||||
instance profile credentials, etc.
|
||||
.IP \(bu 4
|
||||
\fB\fCcredentials\fR is used for reading the credential \fBFILENAME\fP and setting the \fBPROFILE\fP name for a given
|
||||
zone. \fBPROFILE\fP is the AWS account profile name. Defaults to \fB\fCdefault\fR. \fBFILENAME\fP is the
|
||||
AWS credentials filename, defaults to \fB\fC~/.aws/credentials\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR If zone matches and no record can be generated, pass request to the next plugin.
|
||||
If \fBZONES\fP is omitted, then fallthrough happens for all zones for which the plugin is
|
||||
authoritative. If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then
|
||||
only queries for those zones will be subject to fallthrough.
|
||||
.IP \(bu 4
|
||||
\fB\fCrefresh\fR can be used to control how long between record retrievals from Route 53. It requires
|
||||
a duration string as a parameter to specify the duration between update cycles. Each update
|
||||
cycle may result in many AWS API calls depending on how many domains use this plugin and how
|
||||
many records are in each. Adjusting the update frequency may help reduce the potential of API
|
||||
rate-limiting imposed by AWS.
|
||||
.IP \(bu 4
|
||||
\fBDURATION\fP A duration string. Defaults to \fB\fC1m\fR. If units are unspecified, seconds are assumed.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Enable route53 with implicit AWS credentials and resolve CNAMEs via 10.0.0.1:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7
|
||||
}
|
||||
|
||||
\&. {
|
||||
forward . 10.0.0.1
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable route53 with explicit AWS credentials:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
|
||||
aws\_access\_key AWS\_ACCESS\_KEY\_ID AWS\_SECRET\_ACCESS\_KEY
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable route53 with fallthrough:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.gov.:Z654321543245 {
|
||||
fallthrough example.gov.
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable route53 with multiple hosted zones with the same domain:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 example.org.:Z93A52145678156
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Enable route53 and refresh records every 3 minutes
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
route53 example.org.:Z1Z2Z3Z4DZ5Z6Z7 {
|
||||
refresh 3m
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
|
@ -1,97 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-SECONDARY" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIsecondary\fP - enables serving a zone retrieved from a primary server.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fIsecondary\fP you can transfer (via AXFR) a zone from another server. The retrieved zone is
|
||||
\fInot committed\fP to disk (a violation of the RFC). This means restarting CoreDNS will cause it to
|
||||
retrieve all secondary zones.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
secondary [ZONES...]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should be authoritative for. If empty, the zones from the configuration block
|
||||
are used. Note that without a remote address to \fIget\fP the zone from, the above is not that useful.
|
||||
|
||||
|
||||
.PP
|
||||
A working syntax would be:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
secondary [zones...] {
|
||||
transfer from ADDRESS [ADDRESS...]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCtransfer from\fR specifies from which \fBADDRESS\fP to fetch the zone. It can be specified multiple
|
||||
times; if one does not work, another will be tried. Transfering this zone outwards again can be
|
||||
done by enabling the \fItransfer\fP plugin.
|
||||
|
||||
|
||||
.PP
|
||||
When a zone is due to be refreshed (refresh timer fires) a random jitter of 5 seconds is applied,
|
||||
before fetching. In the case of retry this will be 2 seconds. If there are any errors during the
|
||||
transfer in, the transfer fails; this will be logged.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Transfer \fB\fCexample.org\fR from 10.0.1.1, and if that fails try 10.1.2.1.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
secondary {
|
||||
transfer from 10.0.1.1 10.1.2.1
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or re-export the retrieved zone to other secondaries.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.net {
|
||||
secondary {
|
||||
transfer from 10.1.2.1
|
||||
}
|
||||
transfer {
|
||||
to *
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
Only AXFR is supported and the retrieved zone is not committed to disk.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See the \fItransfer\fP plugin to enable zone transfers \fIto\fP other servers.
|
||||
|
|
@ -1,228 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-SIGN" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIsign\fP - adds DNSSEC records to zone files.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIsign\fP plugin is used to sign (see RFC 6781) zones. In this process DNSSEC resource records are
|
||||
added. The signatures that sign the resource records sets have an expiration date, this means the
|
||||
signing process must be repeated before this expiration data is reached. Otherwise the zone's data
|
||||
will go BAD (RFC 4035, Section 5.5). The \fIsign\fP plugin takes care of this.
|
||||
|
||||
.PP
|
||||
Only NSEC is supported, \fIsign\fP does \fInot\fP support NSEC3.
|
||||
|
||||
.PP
|
||||
\fISign\fP works in conjunction with the \fIfile\fP and \fIauto\fP plugins; this plugin \fBsigns\fP the zones
|
||||
files, \fIauto\fP and \fIfile\fP \fBserve\fP the zones \fIdata\fP.
|
||||
|
||||
.PP
|
||||
For this plugin to work at least one Common Signing Key, (see coredns-keygen(1)) is needed. This key
|
||||
(or keys) will be used to sign the entire zone. \fISign\fP does \fInot\fP support the ZSK/KSK split, nor will
|
||||
it do key or algorithm rollovers - it just signs.
|
||||
|
||||
.PP
|
||||
\fISign\fP will:
|
||||
|
||||
.IP \(bu 4
|
||||
(Re)-sign the zone with the CSK(s) when:
|
||||
|
||||
.RS
|
||||
.IP \(en 4
|
||||
the last time it was signed is more than a 6 days ago. Each zone will have some jitter
|
||||
applied to the inception date.
|
||||
.IP \(en 4
|
||||
the signature only has 14 days left before expiring.
|
||||
|
||||
.RE
|
||||
|
||||
|
||||
Both these dates are only checked on the SOA's signature(s).
|
||||
.IP \(bu 4
|
||||
Create RRSIGs that have an inception of -3 hours (minus a jitter between 0 and 18 hours)
|
||||
and a expiration of +32 (plus a jitter between 0 and 5 days) days for every given DNSKEY.
|
||||
.IP \(bu 4
|
||||
Add NSEC records for all names in the zone. The TTL for these is the negative cache TTL from the
|
||||
SOA record.
|
||||
.IP \(bu 4
|
||||
Add or replace \fIall\fP apex CDS/CDNSKEY records with the ones derived from the given keys. For
|
||||
each key two CDS are created one with SHA1 and another with SHA256.
|
||||
.IP \(bu 4
|
||||
Update the SOA's serial number to the \fIUnix epoch\fP of when the signing happens. This will
|
||||
overwrite \fIany\fP previous serial number.
|
||||
|
||||
|
||||
.PP
|
||||
There are two ways that dictate when a zone is signed. Normally every 6 days (plus jitter) it will
|
||||
be resigned. If for some reason we fail this check, the 14 days before expiring kicks in.
|
||||
|
||||
.PP
|
||||
Keys are named (following BIND9): \fB\fCK<name>+<alg>+<id>.key\fR and \fB\fCK<name>+<alg>+<id>.private\fR.
|
||||
The keys \fBmust not\fP be included in your zone; they will be added by \fIsign\fP. These keys can be
|
||||
generated with \fB\fCcoredns-keygen\fR or BIND9's \fB\fCdnssec-keygen\fR. You don't have to adhere to this naming
|
||||
scheme, but then you need to name your keys explicitly, see the \fB\fCkeys file\fR directive.
|
||||
|
||||
.PP
|
||||
A generated zone is written out in a file named \fB\fCdb.<name>.signed\fR in the directory named by the
|
||||
\fB\fCdirectory\fR directive (which defaults to \fB\fC/var/lib/coredns\fR).
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
sign DBFILE [ZONES...] {
|
||||
key file|directory KEY...|DIR...
|
||||
directory DIR
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBDBFILE\fP the zone database file to read and parse. If the path is relative, the path from the
|
||||
\fIroot\fP plugin will be prepended to it.
|
||||
.IP \(bu 4
|
||||
\fBZONES\fP zones it should be sign for. If empty, the zones from the configuration block are
|
||||
used.
|
||||
.IP \(bu 4
|
||||
\fB\fCkey\fR specifies the key(s) (there can be multiple) to sign the zone. If \fB\fCfile\fR is
|
||||
used the \fBKEY\fP's filenames are used as is. If \fB\fCdirectory\fR is used, \fIsign\fP will look in \fBDIR\fP
|
||||
for \fB\fCK<name>+<alg>+<id>\fR files. Any metadata in these files (Activate, Publish, etc.) is
|
||||
\fIignored\fP. These keys must also be Key Signing Keys (KSK).
|
||||
.IP \(bu 4
|
||||
\fB\fCdirectory\fR specifies the \fBDIR\fP where CoreDNS should save zones that have been signed.
|
||||
If not given this defaults to \fB\fC/var/lib/coredns\fR. The zones are saved under the name
|
||||
\fB\fCdb.<name>.signed\fR. If the path is relative the path from the \fIroot\fP plugin will be prepended
|
||||
to it.
|
||||
|
||||
|
||||
.PP
|
||||
Keys can be generated with \fB\fCcoredns-keygen\fR, to create one for use in the \fIsign\fP plugin, use:
|
||||
\fB\fCcoredns-keygen example.org\fR or \fB\fCdnssec-keygen -a ECDSAP256SHA256 -f KSK example.org\fR.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Sign the \fB\fCexample.org\fR zone contained in the file \fB\fCdb.example.org\fR and write the result to
|
||||
\fB\fC./db.example.org.signed\fR to let the \fIfile\fP plugin pick it up and serve it. The keys used
|
||||
are read from \fB\fC/etc/coredns/keys/Kexample.org.key\fR and \fB\fC/etc/coredns/keys/Kexample.org.private\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
file db.example.org.signed
|
||||
|
||||
sign db.example.org {
|
||||
key file /etc/coredns/keys/Kexample.org
|
||||
directory .
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Running this leads to the following log output (note the timers in this example have been set to
|
||||
shorter intervals).
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
[WARNING] plugin/file: Failed to open "open /tmp/db.example.org.signed: no such file or directory": trying again in 1m0s
|
||||
[INFO] plugin/sign: Signing "example.org." because open /tmp/db.example.org.signed: no such file or directory
|
||||
[INFO] plugin/sign: Successfully signed zone "example.org." in "/tmp/db.example.org.signed" with key tags "59725" and 1564766865 SOA serial, elapsed 9.357933ms, next: 2019\-08\-02T22:27:45.270Z
|
||||
[INFO] plugin/file: Successfully reloaded zone "example.org." in "/tmp/db.example.org.signed" with serial 1564766865
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Or use a single zone file for \fImultiple\fP zones, note that the \fBZONES\fP are repeated for both plugins.
|
||||
Also note this outputs \fImultiple\fP signed output files. Here we use the default output directory
|
||||
\fB\fC/var/lib/coredns\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
file /var/lib/coredns/db.example.org.signed example.org
|
||||
file /var/lib/coredns/db.example.net.signed example.net
|
||||
sign db.example.org example.org example.net {
|
||||
key directory /etc/coredns/keys
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
This is the same configuration, but the zones are put in the server block, but note that you still
|
||||
need to specify what file is served for what zone in the \fIfile\fP plugin:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org example.net {
|
||||
file var/lib/coredns/db.example.org.signed example.org
|
||||
file var/lib/coredns/db.example.net.signed example.net
|
||||
sign db.example.org {
|
||||
key directory /etc/coredns/keys
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Be careful to fully list the origins you want to sign, if you don't:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org example.net {
|
||||
sign plugin/sign/testdata/db.example.org miek.org {
|
||||
key file /etc/coredns/keys/Kexample.org
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
This will lead to \fB\fCdb.example.org\fR be signed \fItwice\fP, as this entire section is parsed twice because
|
||||
you have specified the origins \fB\fCexample.org\fR and \fB\fCexample.net\fR in the server block.
|
||||
|
||||
.PP
|
||||
Forcibly resigning a zone can be accomplished by removing the signed zone file (CoreDNS will keep
|
||||
on serving it from memory), and sending SIGUSR1 to the process to make it reload and resign the zone
|
||||
file.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The DNSSEC RFCs: RFC 4033, RFC 4034 and RFC 4035. And the BCP on DNSSEC, RFC 6781. Further more the
|
||||
manual pages coredns-keygen(1) and dnssec-keygen(8). And the \fIfile\fP plugin's documentation.
|
||||
|
||||
.PP
|
||||
Coredns-keygen can be found at
|
||||
https://github.com/coredns/coredns-utils
|
||||
\[la]https://github.com/coredns/coredns-utils\[ra] in the
|
||||
coredns-keygen directory.
|
||||
|
||||
.PP
|
||||
Other useful DNSSEC tools can be found in ldns
|
||||
\[la]https://nlnetlabs.nl/projects/ldns/about/\[ra], e.g.
|
||||
\fB\fCldns-key2ds\fR to create DS records from DNSKEYs.
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
\fB\fCkeys directory\fR is not implemented.
|
||||
|
|
@ -1,359 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-TEMPLATE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fItemplate\fP - allows for dynamic responses based on the incoming query.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fItemplate\fP plugin allows you to dynamically respond to queries by just writing a (Go) template.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
template CLASS TYPE [ZONE...] {
|
||||
match REGEX...
|
||||
answer RR
|
||||
additional RR
|
||||
authority RR
|
||||
rcode CODE
|
||||
fallthrough [ZONE...]
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBCLASS\fP the query class (usually IN or ANY).
|
||||
.IP \(bu 4
|
||||
\fBTYPE\fP the query type (A, PTR, ... can be ANY to match all types).
|
||||
.IP \(bu 4
|
||||
\fBZONE\fP the zone scope(s) for this template. Defaults to the server zones.
|
||||
.IP \(bu 4
|
||||
\fBREGEX\fP Go regexp
|
||||
\[la]https://golang.org/pkg/regexp/\[ra] that are matched against the incoming question name. Specifying no regex matches everything (default: \fB\fC.*\fR). First matching regex wins.
|
||||
.IP \(bu 4
|
||||
\fB\fCanswer|additional|authority\fR \fBRR\fP A RFC 1035
|
||||
\[la]https://tools.ietf.org/html/rfc1035#section-5\[ra] style resource record fragment
|
||||
built by a Go template
|
||||
\[la]https://golang.org/pkg/text/template/\[ra] that contains the reply.
|
||||
.IP \(bu 4
|
||||
\fB\fCrcode\fR \fBCODE\fP A response code (\fB\fCNXDOMAIN, SERVFAIL, ...\fR). The default is \fB\fCSUCCESS\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCfallthrough\fR Continue with the next plugin if the zone matched but no regex matched.
|
||||
If specific zones are listed (for example \fB\fCin-addr.arpa\fR and \fB\fCip6.arpa\fR), then only queries for
|
||||
those zones will be subject to fallthrough.
|
||||
|
||||
|
||||
.PP
|
||||
At least one \fB\fCanswer\fR or \fB\fCrcode\fR directive is needed (e.g. \fB\fCrcode NXDOMAIN\fR).
|
||||
|
||||
.PP
|
||||
Also see
|
||||
\[la]#also-see\[ra] contains an additional reading list.
|
||||
|
||||
.SH "TEMPLATES"
|
||||
.PP
|
||||
Each resource record is a full-featured Go template
|
||||
\[la]https://golang.org/pkg/text/template/\[ra] with the following predefined data
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fC.Zone\fR the matched zone string (e.g. \fB\fCexample.\fR).
|
||||
.IP \(bu 4
|
||||
\fB\fC.Name\fR the query name, as a string (lowercased).
|
||||
.IP \(bu 4
|
||||
\fB\fC.Class\fR the query class (usually \fB\fCIN\fR).
|
||||
.IP \(bu 4
|
||||
\fB\fC.Type\fR the RR type requested (e.g. \fB\fCPTR\fR).
|
||||
.IP \(bu 4
|
||||
\fB\fC.Match\fR an array of all matches. \fB\fCindex .Match 0\fR refers to the whole match.
|
||||
.IP \(bu 4
|
||||
\fB\fC.Group\fR a map of the named capture groups.
|
||||
.IP \(bu 4
|
||||
\fB\fC.Message\fR the complete incoming DNS message.
|
||||
.IP \(bu 4
|
||||
\fB\fC.Question\fR the matched question section.
|
||||
.IP \(bu 4
|
||||
\fB\fC.Remote\fR client’s IP address
|
||||
.IP \(bu 4
|
||||
\fB\fC.Meta\fR a function that takes a metadata name and returns the value, if the
|
||||
metadata plugin is enabled. For example, \fB\fC.Meta "kubernetes/client-namespace"\fR
|
||||
|
||||
|
||||
.PP
|
||||
The output of the template must be a RFC 1035
|
||||
\[la]https://tools.ietf.org/html/rfc1035\[ra] style resource record (commonly referred to as a "zone file").
|
||||
|
||||
.PP
|
||||
\fBWARNING\fP there is a syntactical problem with Go templates and CoreDNS config files. Expressions
|
||||
like \fB\fC{{$var}}\fR will be interpreted as a reference to an environment variable by CoreDNS (and
|
||||
Caddy) while \fB\fC{{ $var }}\fR will work. See Bugs
|
||||
\[la]#bugs\[ra] and corefile(5).
|
||||
|
||||
.SH "METRICS"
|
||||
.PP
|
||||
If monitoring is enabled (via the \fIprometheus\fP plugin) then the following metrics are exported:
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_template_matches_total{server, regex}\fR the total number of matched requests by regex.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_template_template_failures_total{server, regex,section,template}\fR the number of times the Go templating failed. Regex, section and template label values can be used to map the error back to the config file.
|
||||
.IP \(bu 4
|
||||
\fB\fCcoredns_template_rr_failures_total{server, regex,section,template}\fR the number of times the templated resource record was invalid and could not be parsed. Regex, section and template label values can be used to map the error back to the config file.
|
||||
|
||||
|
||||
.PP
|
||||
Both failure cases indicate a problem with the template configuration. The \fB\fCserver\fR label indicates
|
||||
the server incrementing the metric, see the \fImetrics\fP plugin for details.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.SS "RESOLVE EVERYTHING TO NXDOMAIN"
|
||||
.PP
|
||||
The most simplistic template is
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
template ANY ANY {
|
||||
rcode NXDOMAIN
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP 1\. 4
|
||||
This template uses the default zone (\fB\fC.\fR or all queries)
|
||||
.IP 2\. 4
|
||||
All queries will be answered (no \fB\fCfallthrough\fR)
|
||||
.IP 3\. 4
|
||||
The answer is always NXDOMAIN
|
||||
|
||||
|
||||
.SS "RESOLVE .INVALID AS NXDOMAIN"
|
||||
.PP
|
||||
The \fB\fC.invalid\fR domain is a reserved TLD (see RFC 2606 Reserved Top Level DNS Names
|
||||
\[la]https://tools.ietf.org/html/rfc2606#section-2\[ra]) to indicate invalid domains.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template ANY ANY invalid {
|
||||
rcode NXDOMAIN
|
||||
authority "invalid. 60 {{ .Class }} SOA ns.invalid. hostmaster.invalid. (1 60 60 60 60)"
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP 1\. 4
|
||||
A query to .invalid will result in NXDOMAIN (rcode)
|
||||
.IP 2\. 4
|
||||
A dummy SOA record is sent to hand out a TTL of 60s for caching purposes
|
||||
.IP 3\. 4
|
||||
Querying \fB\fC.invalid\fR in the \fB\fCCH\fR class will also cause a NXDOMAIN/SOA response
|
||||
.IP 4\. 4
|
||||
The default regex is \fB\fC.*\fR
|
||||
|
||||
|
||||
.SS "BLOCK INVALID SEARCH DOMAIN COMPLETIONS"
|
||||
.PP
|
||||
Imagine you run \fB\fCexample.com\fR with a datacenter \fB\fCdc1.example.com\fR. The datacenter domain
|
||||
is part of the DNS search domain.
|
||||
However \fB\fCsomething.example.com.dc1.example.com\fR would indicate a fully qualified
|
||||
domain name (\fB\fCsomething.example.com\fR) that inadvertently has the default domain or search
|
||||
path (\fB\fCdc1.example.com\fR) added.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template IN ANY example.com.dc1.example.com {
|
||||
rcode NXDOMAIN
|
||||
authority "{{ .Zone }} 60 IN SOA ns.example.com hostmaster.example.com (1 60 60 60 60)"
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
A more verbose regex based equivalent would be
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template IN ANY example.com {
|
||||
match "example\\.com\\.(dc1\\.example\\.com\\.)$"
|
||||
rcode NXDOMAIN
|
||||
authority "{{ index .Match 1 }} 60 IN SOA ns.{{ index .Match 1 }} hostmaster.{{ index .Match 1 }} (1 60 60 60 60)"
|
||||
fallthrough
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The regex-based version can do more complex matching/templating while zone-based templating is easier to read and use.
|
||||
|
||||
.SS "RESOLVE A/PTR FOR .EXAMPLE"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
# ip\-a\-b\-c\-d.example A a.b.c.d
|
||||
|
||||
template IN A example {
|
||||
match (^|[.])ip\-(?P<a>[0\-9]*)\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]example[.]$
|
||||
answer "{{ .Name }} 60 IN A {{ .Group.a }}.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
fallthrough
|
||||
}
|
||||
|
||||
# d.c.b.a.in\-addr.arpa PTR ip\-a\-b\-c\-d.example
|
||||
|
||||
template IN PTR in\-addr.arpa {
|
||||
match ^(?P<d>[0\-9]*)[.](?P<c>[0\-9]*)[.](?P<b>[0\-9]*)[.](?P<a>[0\-9]*)[.]in\-addr[.]arpa[.]$
|
||||
answer "{{ .Name }} 60 IN PTR ip\-{{ .Group.a }}\-{{ .Group.b }}\-{{ .Group.c }}\-{{ .Group.d }}.example."
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
An IPv4 address consists of 4 bytes, \fB\fCa.b.c.d\fR. Named groups make it less error-prone to reverse the
|
||||
IP address in the PTR case. Try to use named groups to explain what your regex and template are doing.
|
||||
|
||||
.PP
|
||||
Note that the A record is actually a wildcard: any subdomain of the IP address will resolve to the IP address.
|
||||
|
||||
.PP
|
||||
Having templates to map certain PTR/A pairs is a common pattern.
|
||||
|
||||
.PP
|
||||
Fallthrough is needed for mixed domains where only some responses are templated.
|
||||
|
||||
.SS "RESOLVE MULTIPLE IP PATTERNS"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template IN A example {
|
||||
match "^ip\-(?P<a>10)\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]dc[.]example[.]$"
|
||||
match "^(?P<a>[0\-9]*)[.](?P<b>[0\-9]*)[.](?P<c>[0\-9]*)[.](?P<d>[0\-9]*)[.]ext[.]example[.]$"
|
||||
answer "{{ .Name }} 60 IN A {{ .Group.a}}.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
fallthrough
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Named capture groups can be used to template one response for multiple patterns.
|
||||
|
||||
.SS "RESOLVE A AND MX RECORDS FOR IP TEMPLATES IN .EXAMPLE"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template IN A example {
|
||||
match ^ip\-10\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]example[.]$
|
||||
answer "{{ .Name }} 60 IN A 10.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
fallthrough
|
||||
}
|
||||
template IN MX example {
|
||||
match ^ip\-10\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]example[.]$
|
||||
answer "{{ .Name }} 60 IN MX 10 {{ .Name }}"
|
||||
additional "{{ .Name }} 60 IN A 10.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
fallthrough
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SS "ADDING AUTHORITATIVE NAMESERVERS TO THE RESPONSE"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
forward . 8.8.8.8
|
||||
|
||||
template IN A example {
|
||||
match ^ip\-10\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]example[.]$
|
||||
answer "{{ .Name }} 60 IN A 10.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
authority "example. 60 IN NS ns0.example."
|
||||
authority "example. 60 IN NS ns1.example."
|
||||
additional "ns0.example. 60 IN A 203.0.113.8"
|
||||
additional "ns1.example. 60 IN A 198.51.100.8"
|
||||
fallthrough
|
||||
}
|
||||
template IN MX example {
|
||||
match ^ip\-10\-(?P<b>[0\-9]*)\-(?P<c>[0\-9]*)\-(?P<d>[0\-9]*)[.]example[.]$
|
||||
answer "{{ .Name }} 60 IN MX 10 {{ .Name }}"
|
||||
additional "{{ .Name }} 60 IN A 10.{{ .Group.b }}.{{ .Group.c }}.{{ .Group.d }}"
|
||||
authority "example. 60 IN NS ns0.example."
|
||||
authority "example. 60 IN NS ns1.example."
|
||||
additional "ns0.example. 60 IN A 203.0.113.8"
|
||||
additional "ns1.example. 60 IN A 198.51.100.8"
|
||||
fallthrough
|
||||
}
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "ALSO SEE"
|
||||
.IP \(bu 4
|
||||
Go regexp
|
||||
\[la]https://golang.org/pkg/regexp/\[ra] for details about the regex implementation
|
||||
.IP \(bu 4
|
||||
RE2 syntax reference
|
||||
\[la]https://github.com/google/re2/wiki/Syntax\[ra] for details about the regex syntax
|
||||
.IP \(bu 4
|
||||
RFC 1034
|
||||
\[la]https://tools.ietf.org/html/rfc1034#section-3.6.1\[ra] and RFC 1035
|
||||
\[la]https://tools.ietf.org/html/rfc1035#section-5\[ra] for the resource record format
|
||||
.IP \(bu 4
|
||||
Go template
|
||||
\[la]https://golang.org/pkg/text/template/\[ra] for the template language reference
|
||||
|
||||
|
||||
.SH "BUGS"
|
||||
.PP
|
||||
CoreDNS supports caddyfile environment variables
|
||||
\[la]https://caddyserver.com/docs/caddyfile#env\[ra]
|
||||
with notion of \fB\fC{$ENV_VAR}\fR. This parser feature will break Go template variables
|
||||
\[la]https://golang.org/pkg/text/template/#hdr-Variables\[ra] notations like\fB\fC{{$variable}}\fR.
|
||||
The equivalent notation \fB\fC{{ $variable }}\fR will work.
|
||||
Try to avoid Go template variables in the context of this plugin.
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-TLS" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fItls\fP - allows you to configure the server certificates for the TLS and gRPC servers.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
CoreDNS supports queries that are encrypted using TLS (DNS over Transport Layer Security, RFC 7858)
|
||||
or are using gRPC (https://grpc.io/
|
||||
\[la]https://grpc.io/\[ra], not an IETF standard). Normally DNS traffic isn't encrypted at
|
||||
all (DNSSEC only signs resource records).
|
||||
|
||||
.PP
|
||||
The \fItls\fP "plugin" allows you to configure the cryptographic keys that are needed for both
|
||||
DNS-over-TLS and DNS-over-gRPC. If the \fItls\fP plugin is omitted, then no encryption takes place.
|
||||
|
||||
.PP
|
||||
The gRPC protobuffer is defined in \fB\fCpb/dns.proto\fR. It defines the proto as a simple wrapper for the
|
||||
wire data of a DNS message.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
tls CERT KEY [CA]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Parameter CA is optional. If not set, system CAs can be used to verify the client certificate
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
tls CERT KEY [CA] {
|
||||
client\_auth nocert|request|require|verify\_if\_given|require\_and\_verify
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If client_auth option is specified, it controls the client authentication policy.
|
||||
The option value corresponds to the ClientAuthType values of the Go tls package
|
||||
\[la]https://golang.org/pkg/crypto/tls/#ClientAuthType\[ra]: NoClientCert, RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, and RequireAndVerifyClientCert, respectively.
|
||||
The default is "nocert". Note that it makes no sense to specify parameter CA unless this option is
|
||||
set to verify_if_given or require_and_verify.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Start a DNS-over-TLS server that picks up incoming DNS-over-TLS queries on port 5553 and uses the
|
||||
nameservers defined in \fB\fC/etc/resolv.conf\fR to resolve the query. This proxy path uses plain old DNS.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
tls://.:5553 {
|
||||
tls cert.pem key.pem ca.pem
|
||||
forward . /etc/resolv.conf
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Start a DNS-over-gRPC server that is similar to the previous example, but using DNS-over-gRPC for
|
||||
incoming queries.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
grpc://. {
|
||||
tls cert.pem key.pem ca.pem
|
||||
forward . /etc/resolv.conf
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Only Knot DNS' \fB\fCkdig\fR supports DNS-over-TLS queries, no command line client supports gRPC making
|
||||
debugging these transports harder than it should be.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
RFC 7858 and https://grpc.io
|
||||
\[la]https://grpc.io\[ra].
|
||||
|
|
@ -1,156 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-TRACE" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fItrace\fP - enables OpenTracing-based tracing of DNS requests as they go through the plugin chain.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
With \fItrace\fP you enable OpenTracing of how a request flows through CoreDNS. Enable the \fIdebug\fP
|
||||
plugin to get logs from the trace plugin.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
The simplest form is just:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace [ENDPOINT\-TYPE] [ENDPOINT]
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBENDPOINT-TYPE\fP is the type of tracing destination. Currently only \fB\fCzipkin\fR and \fB\fCdatadog\fR are supported.
|
||||
Defaults to \fB\fCzipkin\fR.
|
||||
.IP \(bu 4
|
||||
\fBENDPOINT\fP is the tracing destination, and defaults to \fB\fClocalhost:9411\fR. For Zipkin, if
|
||||
\fBENDPOINT\fP does not begin with \fB\fChttp\fR, then it will be transformed to \fB\fChttp://ENDPOINT/api/v1/spans\fR.
|
||||
|
||||
|
||||
.PP
|
||||
With this form, all queries will be traced.
|
||||
|
||||
.PP
|
||||
Additional features can be enabled with this syntax:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace [ENDPOINT\-TYPE] [ENDPOINT] {
|
||||
every AMOUNT
|
||||
service NAME
|
||||
client\_server
|
||||
datadog\_analytics\_rate RATE
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fB\fCevery\fR \fBAMOUNT\fP will only trace one query of each AMOUNT queries. For example, to trace 1 in every
|
||||
100 queries, use AMOUNT of 100. The default is 1.
|
||||
.IP \(bu 4
|
||||
\fB\fCservice\fR \fBNAME\fP allows you to specify the service name reported to the tracing server.
|
||||
Default is \fB\fCcoredns\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCclient_server\fR will enable the \fB\fCClientServerSameSpan\fR OpenTracing feature.
|
||||
.IP \(bu 4
|
||||
\fB\fCdatadog_analytics_rate\fR \fBRATE\fP will enable trace analytics
|
||||
\[la]https://docs.datadoghq.com/tracing/app_analytics\[ra] on the traces sent
|
||||
from \fI0\fP to \fI1\fP, \fI1\fP being every trace sent will be analyzed. This is a datadog only feature
|
||||
(\fBENDPOINT-TYPE\fP needs to be \fB\fCdatadog\fR)
|
||||
|
||||
|
||||
.SH "ZIPKIN"
|
||||
.PP
|
||||
You can run Zipkin on a Docker host like this:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
docker run \-d \-p 9411:9411 openzipkin/zipkin
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Note the zipkin provider does not support the v1 API since coredns 1.7.1.
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Use an alternative Zipkin address:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace tracinghost:9253
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
or
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
trace zipkin tracinghost:9253
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
If for some reason you are using an API reverse proxy or something and need to remap
|
||||
the standard Zipkin URL you can do something like:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace http://tracinghost:9411/zipkin/api/v1/spans
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Using DataDog:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace datadog localhost:8126
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Trace one query every 10000 queries, rename the service, and enable same span:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
trace tracinghost:9411 {
|
||||
every 10000
|
||||
service dnsproxy
|
||||
client\_server
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
See the \fIdebug\fP plugin for more information about debug logging.
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-TRANSFER" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fItransfer\fP - perform (outgoing) zone transfers for other plugins.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
This plugin answers zone transfers for authoritative plugins that implement \fB\fCtransfer.Transferer\fR.
|
||||
|
||||
.PP
|
||||
\fItransfer\fP answers full zone transfer (AXFR) requests and incremental zone transfer (IXFR) requests
|
||||
with AXFR fallback if the zone has changed.
|
||||
|
||||
.PP
|
||||
When a plugin wants to notify it's secondaries it will call back into the \fItransfer\fP plugin.
|
||||
|
||||
.PP
|
||||
The following plugins implement zone transfers using this plugin: \fIfile\fP, \fIauto\fP, \fIsecondary\fP, and
|
||||
\fIkubernetes\fP. See \fB\fCtransfer.go\fR for implementation details if you are a plugin author that wants to
|
||||
use this plugin.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
transfer [ZONE...] {
|
||||
to ADDRESS...
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.IP \(bu 4
|
||||
\fBZONE\fP The zones \fItransfer\fP will answer zone transfer requests for. If left blank, the zones
|
||||
are inherited from the enclosing server block. To answer zone transfers for a given zone,
|
||||
there must be another plugin in the same server block that serves the same zone, and implements
|
||||
\fB\fCtransfer.Transferer\fR.
|
||||
.IP \(bu 4
|
||||
\fB\fCto\fR \fBADDRESS...\fP The hosts \fItransfer\fP will transfer to. Use \fB\fC*\fR to permit transfers to all
|
||||
addresses. \fBADDRESS\fP must be denoted in CIDR notation (e.g., 127.0.0.1/32) or just as plain
|
||||
addresses. \fB\fCto\fR may be specified multiple times.
|
||||
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
See the specific plugins using this plugin for examples on it's usage.
|
||||
|
|
@ -1,82 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS-WHOAMI" 7 "March 2021" "CoreDNS" "CoreDNS Plugins"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIwhoami\fP - returns your resolver's local IP address, port and transport.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
The \fIwhoami\fP plugin is not really that useful, but can be used for having a simple (fast) endpoint
|
||||
to test clients against. When \fIwhoami\fP returns a response it will have your client's IP address in
|
||||
the additional section as either an A or AAAA record.
|
||||
|
||||
.PP
|
||||
The reply always has an empty answer section. The port and transport are included in the additional
|
||||
section as a SRV record, transport can be "tcp" or "udp".
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&.\_<transport>.qname. 0 IN SRV 0 0 <port> .
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The \fIwhoami\fP plugin will respond to every A or AAAA query, regardless of the query name.
|
||||
|
||||
.PP
|
||||
If CoreDNS can't find a Corefile on startup this is the \fIdefault\fP plugin that gets loaded. As such
|
||||
it can be used to check that CoreDNS is responding to queries. Other than that this plugin is of
|
||||
limited use in production.
|
||||
|
||||
.SH "SYNTAX"
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
whoami
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
Start a server on the default port and load the \fIwhoami\fP plugin.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
When queried for "example.org A", CoreDNS will respond with:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
;; QUESTION SECTION:
|
||||
;example.org. IN A
|
||||
|
||||
;; ADDITIONAL SECTION:
|
||||
example.org. 0 IN A 10.240.0.1
|
||||
\_udp.example.org. 0 IN SRV 0 0 40212
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
Read the blog post
|
||||
\[la]https://coredns.io/2017/03/01/how-to-add-plugins-to-coredns/\[ra] on how this plugin is built, or explore the source code
|
||||
\[la]https://github.com/coredns/coredns/blob/master/plugin/whoami/\[ra].
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREDNS" 1 "March 2021" "CoreDNS" "CoreDNS"
|
||||
|
||||
.SH "COREDNS"
|
||||
.PP
|
||||
\fIcoredns\fP - pluggable DNS nameserver optimized for service discovery and flexibility.
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
.PP
|
||||
\fIcoredns\fP \fB[-conf FILE]\fP \fB[-dns.port PORT}\fP \fB[OPTION]\fP...
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
CoreDNS is a DNS server that chains plugins. Each plugin handles a DNS feature, like rewriting
|
||||
queries, kubernetes service discovery or just exporting metrics. There are many other plugins,
|
||||
each described on https://coredns.io/plugins
|
||||
\[la]https://coredns.io/plugins\[ra] and their respective manual pages. Plugins not
|
||||
bundled by default in CoreDNS are listed on https://coredns.io/explugins
|
||||
\[la]https://coredns.io/explugins\[ra].
|
||||
|
||||
.PP
|
||||
When started without options CoreDNS will look for a file named \fB\fCCorefile\fR in the current
|
||||
directory, if found, it will parse its contents and start up accordingly. If no \fB\fCCorefile\fR is found
|
||||
it will start with the \fIwhoami\fP plugin (coredns-whoami(7)) and start listening on port 53 (unless
|
||||
overridden with \fB\fC-dns.port\fR).
|
||||
|
||||
.PP
|
||||
Available options:
|
||||
|
||||
.TP
|
||||
\fB-conf\fP \fBFILE\fP
|
||||
specify Corefile to load, if not given CoreDNS will look for a \fB\fCCorefile\fR in the current
|
||||
directory.
|
||||
.TP
|
||||
\fB-dns.port\fP \fBPORT\fP
|
||||
override default port (53) to listen on.
|
||||
.TP
|
||||
\fB-pidfile\fP \fBFILE\fP
|
||||
write PID to \fBFILE\fP.
|
||||
.TP
|
||||
\fB-plugins\fP
|
||||
list all plugins and quit.
|
||||
.TP
|
||||
\fB-quiet\fP
|
||||
don't print any version and port information on startup.
|
||||
.TP
|
||||
\fB-version\fP
|
||||
show version and quit.
|
||||
|
||||
|
||||
.SH "AUTHORS"
|
||||
.PP
|
||||
CoreDNS Authors.
|
||||
|
||||
.SH "COPYRIGHT"
|
||||
.PP
|
||||
Apache License 2.0
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
Corefile(5) coredns-k8s_external(7) coredns-any(7) coredns-hosts(7) coredns-reload(7) coredns-acl(7) coredns-dnssec(7) coredns-health(7) coredns-grpc(7) coredns-sign(7) coredns-log(7) coredns-tls(7) coredns-file(7) coredns-root(7) coredns-loop(7) coredns-chaos(7) coredns-dnstap(7) coredns-pprof(7) coredns-bufsize(7) coredns-clouddns(7) coredns-loadbalance(7) coredns-cache(7) coredns-whoami(7) coredns-minimal(7) coredns-bind(7) coredns-erratic(7) coredns-auto(7) coredns-import(7) coredns-debug(7) coredns-template(7) coredns-azure(7) coredns-autopath(7) coredns-kubernetes(7) coredns-forward(7) coredns-nsid(7) coredns-secondary(7) coredns-route53(7) coredns-local(7) coredns-errors(7) coredns-transfer(7) coredns-ready(7) coredns-metadata(7) coredns-rewrite(7) coredns-metrics(7) coredns-dns64(7) coredns-etcd(7) coredns-cancel(7) coredns-trace(7).
|
||||
|
207
man/corefile.5
207
man/corefile.5
|
@ -1,207 +0,0 @@
|
|||
.\" Generated by Mmark Markdown Processer - mmark.miek.nl
|
||||
.TH "COREFILE" 5 "March 2021" "CoreDNS" "CoreDNS"
|
||||
|
||||
.SH "NAME"
|
||||
.PP
|
||||
\fIcorefile\fP - configuration file for CoreDNS.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
A \fIcorefile\fP specifies the internal servers CoreDNS should run and what plugins each of these
|
||||
should chain. The syntax is as follows:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
[SCHEME://]ZONE [[SCHEME://]ZONE]...[:PORT] {
|
||||
[PLUGIN]...
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
The \fBZONE\fP defines for which name this server should be called, multiple zones are allowed and
|
||||
should be \fIwhite space\fP separated. You can use a "reverse" syntax to specify a reverse zone (i.e.
|
||||
ip6.arpa and in-addr.arpa), by using an IP address in the CIDR notation.
|
||||
|
||||
.PP
|
||||
The optional \fBSCHEME\fP defaults to \fB\fCdns://\fR, but can also be \fB\fCtls://\fR (DNS over TLS), \fB\fCgrpc://\fR
|
||||
(DNS over gRPC) or \fB\fChttps://\fR (DNS over HTTP/2).
|
||||
|
||||
.PP
|
||||
The optional \fBPORT\fP controls on which port the server will bind, this default to 53. If you use
|
||||
a port number here, you \fIcan't\fP override it with \fB\fC-dns.port\fR (coredns(1)), also see coredns-bind(7).
|
||||
|
||||
.PP
|
||||
Specifying a \fBZONE\fP \fIand\fP \fBPORT\fP combination multiple times for \fIdifferent\fP servers will lead to
|
||||
an error on startup.
|
||||
|
||||
.PP
|
||||
When a query comes in, it is matched again all zones for all servers, the server with the longest
|
||||
match on the query name will receive the query.
|
||||
|
||||
.PP
|
||||
\fBPLUGIN\fP defines the plugin(s) we want to load into this server. This is optional as well, but as
|
||||
server with no plugins will just return SERVFAIL for all queries. Each plugin can have a number of
|
||||
properties than can have arguments, see the documentation for each plugin.
|
||||
|
||||
.PP
|
||||
Comments are allowed and begin with an unquoted hash \fB\fC#\fR and continue to the end of the line.
|
||||
Comments may be started anywhere on a line.
|
||||
|
||||
.PP
|
||||
Environment variables are supported and either the Unix or Windows form may be used: \fB\fC{$ENV_VAR_1}\fR
|
||||
or \fB\fC{%ENV_VAR_2%}\fR.
|
||||
|
||||
.PP
|
||||
You can use the \fB\fCimport\fR "plugin" (See coredns-import(7)) to include parts of other files.
|
||||
|
||||
.PP
|
||||
If CoreDNS can’t find a Corefile to load it loads the following builtin one:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
whoami
|
||||
log
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "IMPORT"
|
||||
.PP
|
||||
You can use the \fB\fCimport\fR "plugin" to include parts of other files, see
|
||||
https://coredns.io/plugins/import
|
||||
\[la]https://coredns.io/plugins/import\[ra], and coredns-import(7).
|
||||
|
||||
.SH "SNIPPETS"
|
||||
.PP
|
||||
If you want to reuse a snippet you can define one with and then use it with \fIimport\fP.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
(mysnippet) {
|
||||
log
|
||||
whoami
|
||||
}
|
||||
|
||||
\&. {
|
||||
import mysnippet
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "EXAMPLES"
|
||||
.PP
|
||||
The \fBZONE\fP is root zone \fB\fC.\fR, the \fBPLUGIN\fP is \fIchaos\fP. The \fIchaos\fP plugin takes an (optional) argument:
|
||||
\fB\fCCoreDNS-001\fR. This text is returned on a CH class query: \fB\fCdig CH TXT version.bind @localhost\fR.
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
\&. {
|
||||
chaos CoreDNS\-001
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
When defining a new zone, you either create a new server, or add it to an existing one. Here we
|
||||
define one server that handles two zones; that potentially chain different plugins:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org {
|
||||
whoami
|
||||
}
|
||||
org {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Is identical to:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
example.org org {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
Reverse zones can be specified as domain names:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
0.0.10.in\-addr.arpa {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
or by just using the CIDR notation:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
10.0.0.0/24 {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.PP
|
||||
This also works on a non octet boundary:
|
||||
|
||||
.PP
|
||||
.RS
|
||||
|
||||
.nf
|
||||
10.0.0.0/27 {
|
||||
whoami
|
||||
}
|
||||
|
||||
.fi
|
||||
.RE
|
||||
|
||||
.SH "AUTHORS"
|
||||
.PP
|
||||
CoreDNS Authors.
|
||||
|
||||
.SH "COPYRIGHT"
|
||||
.PP
|
||||
Apache License 2.0
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
The manual page for CoreDNS: coredns(1) and more documentation on https://coredns.io
|
||||
\[la]https://coredns.io\[ra].
|
||||
Also see the \fIimport\fP
|
||||
\[la]https://coredns.io/plugins/import\[ra]'s documentation and all the manual pages
|
||||
for the plugins.
|
||||
|
|
@ -1,90 +0,0 @@
|
|||
//+build ignore
|
||||
|
||||
// generates plugin/chaos/zowners.go.
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"sort"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func main() {
|
||||
// top-level OWNERS file
|
||||
o, err := owners("CODEOWNERS")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
golist := `package chaos
|
||||
|
||||
// Owners are all GitHub handlers of all maintainers.
|
||||
var Owners = []string{`
|
||||
c := ", "
|
||||
for i, a := range o {
|
||||
if i == len(o)-1 {
|
||||
c = "}"
|
||||
}
|
||||
golist += fmt.Sprintf("%q%s", a, c)
|
||||
}
|
||||
// to prevent `No newline at end of file` with gofmt
|
||||
golist += "\n"
|
||||
|
||||
if err := ioutil.WriteFile("plugin/chaos/zowners.go", []byte(golist), 0644); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
func owners(path string) ([]string, error) {
|
||||
// simple line, by line based format
|
||||
//
|
||||
// # In this example, @doctocat owns any files in the build/logs
|
||||
// # directory at the root of the repository and any of its
|
||||
// # subdirectories.
|
||||
// /build/logs/ @doctocat
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
scanner := bufio.NewScanner(f)
|
||||
users := map[string]struct{}{}
|
||||
for scanner.Scan() {
|
||||
text := scanner.Text()
|
||||
if len(text) == 0 {
|
||||
continue
|
||||
}
|
||||
if text[0] == '#' {
|
||||
continue
|
||||
}
|
||||
ele := strings.Fields(text)
|
||||
if len(ele) == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
// ok ele[0] is the path, the rest are (in our case) github usernames prefixed with @
|
||||
for _, s := range ele[1:] {
|
||||
if len(s) <= 1 {
|
||||
continue
|
||||
}
|
||||
users[s[1:]] = struct{}{}
|
||||
}
|
||||
}
|
||||
if err := scanner.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
u := []string{}
|
||||
for k := range users {
|
||||
if strings.HasPrefix(k, "@") {
|
||||
k = k[1:]
|
||||
}
|
||||
u = append(u, k)
|
||||
}
|
||||
sort.Strings(u)
|
||||
return u, nil
|
||||
}
|
|
@ -28,16 +28,13 @@ bufsize:bufsize
|
|||
root:root
|
||||
bind:bind
|
||||
debug:debug
|
||||
trace:trace
|
||||
ready:ready
|
||||
health:health
|
||||
pprof:pprof
|
||||
prometheus:metrics
|
||||
errors:errors
|
||||
log:log
|
||||
dnstap:dnstap
|
||||
local:local
|
||||
dns64:dns64
|
||||
acl:acl
|
||||
any:any
|
||||
chaos:chaos
|
||||
|
@ -50,15 +47,9 @@ minimal:minimal
|
|||
template:template
|
||||
transfer:transfer
|
||||
hosts:hosts
|
||||
route53:route53
|
||||
azure:azure
|
||||
clouddns:clouddns
|
||||
k8s_external:k8s_external
|
||||
kubernetes:kubernetes
|
||||
file:file
|
||||
auto:auto
|
||||
secondary:secondary
|
||||
etcd:etcd
|
||||
loop:loop
|
||||
forward:forward
|
||||
grpc:grpc
|
||||
|
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"net"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/metrics"
|
||||
"github.com/coredns/coredns/request"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/metrics"
|
||||
"coredns/request"
|
||||
|
||||
"github.com/infobloxopen/go-trees/iptree"
|
||||
"github.com/miekg/dns"
|
||||
|
|
|
@ -4,8 +4,8 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin/test"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin/test"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package acl
|
||||
|
||||
import (
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/plugin"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
|
|
@ -4,9 +4,9 @@ import (
|
|||
"net"
|
||||
"strings"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/core/dnsserver"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/caddy"
|
||||
"coredns/core/dnsserver"
|
||||
"coredns/plugin"
|
||||
|
||||
"github.com/infobloxopen/go-trees/iptree"
|
||||
"github.com/miekg/dns"
|
||||
|
|
|
@ -3,7 +3,7 @@ package acl
|
|||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"coredns/caddy"
|
||||
)
|
||||
|
||||
func TestSetup(t *testing.T) {
|
||||
|
|
|
@ -3,7 +3,7 @@ package any
|
|||
import (
|
||||
"context"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/plugin"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -4,8 +4,8 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/coredns/plugin/pkg/dnstest"
|
||||
"github.com/coredns/coredns/plugin/test"
|
||||
"coredns/plugin/pkg/dnstest"
|
||||
"coredns/plugin/test"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
package any
|
||||
|
||||
import (
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/core/dnsserver"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/caddy"
|
||||
"coredns/core/dnsserver"
|
||||
"coredns/plugin"
|
||||
)
|
||||
|
||||
func init() { plugin.Register("any", setup) }
|
||||
|
|
|
@ -6,12 +6,12 @@ import (
|
|||
"regexp"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/file"
|
||||
"github.com/coredns/coredns/plugin/metrics"
|
||||
"github.com/coredns/coredns/plugin/pkg/upstream"
|
||||
"github.com/coredns/coredns/plugin/transfer"
|
||||
"github.com/coredns/coredns/request"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/file"
|
||||
"coredns/plugin/metrics"
|
||||
"coredns/plugin/pkg/upstream"
|
||||
"coredns/plugin/transfer"
|
||||
"coredns/request"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
package auto
|
||||
|
||||
import clog "github.com/coredns/coredns/plugin/pkg/log"
|
||||
import clog "coredns/plugin/pkg/log"
|
||||
|
||||
func init() { clog.Discard() }
|
||||
|
|
|
@ -6,13 +6,13 @@ import (
|
|||
"regexp"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/core/dnsserver"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/metrics"
|
||||
clog "github.com/coredns/coredns/plugin/pkg/log"
|
||||
"github.com/coredns/coredns/plugin/pkg/upstream"
|
||||
"github.com/coredns/coredns/plugin/transfer"
|
||||
"coredns/caddy"
|
||||
"coredns/core/dnsserver"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/metrics"
|
||||
clog "coredns/plugin/pkg/log"
|
||||
"coredns/plugin/pkg/upstream"
|
||||
"coredns/plugin/transfer"
|
||||
)
|
||||
|
||||
var log = clog.NewWithPlugin("auto")
|
||||
|
|
|
@ -4,7 +4,7 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"coredns/caddy"
|
||||
)
|
||||
|
||||
func TestAutoParse(t *testing.T) {
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
"path/filepath"
|
||||
"regexp"
|
||||
|
||||
"github.com/coredns/coredns/plugin/file"
|
||||
"coredns/plugin/file"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package auto
|
||||
|
||||
import (
|
||||
"github.com/coredns/coredns/plugin/transfer"
|
||||
"coredns/plugin/transfer"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -4,8 +4,8 @@ package auto
|
|||
import (
|
||||
"sync"
|
||||
|
||||
"github.com/coredns/coredns/plugin/file"
|
||||
"github.com/coredns/coredns/plugin/transfer"
|
||||
"coredns/plugin/file"
|
||||
"coredns/plugin/transfer"
|
||||
)
|
||||
|
||||
// Zones maps zone names to a *Zone. This keeps track of what zones we have loaded at
|
||||
|
|
|
@ -34,11 +34,11 @@ package autopath
|
|||
import (
|
||||
"context"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/metrics"
|
||||
"github.com/coredns/coredns/plugin/pkg/dnsutil"
|
||||
"github.com/coredns/coredns/plugin/pkg/nonwriter"
|
||||
"github.com/coredns/coredns/request"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/metrics"
|
||||
"coredns/plugin/pkg/dnsutil"
|
||||
"coredns/plugin/pkg/nonwriter"
|
||||
"coredns/request"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -4,9 +4,9 @@ import (
|
|||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"github.com/coredns/coredns/plugin/pkg/dnstest"
|
||||
"github.com/coredns/coredns/plugin/test"
|
||||
"coredns/plugin"
|
||||
"coredns/plugin/pkg/dnstest"
|
||||
"coredns/plugin/test"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
package autopath
|
||||
|
||||
import (
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/plugin"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||
|
|
|
@ -3,9 +3,9 @@ package autopath
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/core/dnsserver"
|
||||
"github.com/coredns/coredns/plugin"
|
||||
"coredns/caddy"
|
||||
"coredns/core/dnsserver"
|
||||
"coredns/plugin"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
|
|
@ -6,8 +6,8 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/coredns/caddy"
|
||||
"github.com/coredns/coredns/plugin/test"
|
||||
"coredns/caddy"
|
||||
"coredns/plugin/test"
|
||||
)
|
||||
|
||||
func TestSetupAutoPath(t *testing.T) {
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
# azure
|
||||
|
||||
## Name
|
||||
|
||||
*azure* - enables serving zone data from Microsoft Azure DNS service.
|
||||
|
||||
## Description
|
||||
|
||||
The azure plugin is useful for serving zones from Microsoft Azure DNS. The *azure* plugin supports
|
||||
all the DNS records supported by Azure, viz. A, AAAA, CNAME, MX, NS, PTR, SOA, SRV, and TXT
|
||||
record types. NS record type is not supported by azure private DNS.
|
||||
|
||||
## Syntax
|
||||
|
||||
~~~ txt
|
||||
azure RESOURCE_GROUP:ZONE... {
|
||||
tenant TENANT_ID
|
||||
client CLIENT_ID
|
||||
secret CLIENT_SECRET
|
||||
subscription SUBSCRIPTION_ID
|
||||
environment ENVIRONMENT
|
||||
fallthrough [ZONES...]
|
||||
access private
|
||||
}
|
||||
~~~
|
||||
|
||||
* **RESOURCE_GROUP:ZONE** is the resource group to which the hosted zones belongs on Azure,
|
||||
and **ZONE** the zone that contains data.
|
||||
|
||||
* **CLIENT_ID** and **CLIENT_SECRET** are the credentials for Azure, and `tenant` specifies the
|
||||
**TENANT_ID** to be used. **SUBSCRIPTION_ID** is the subscription ID. All of these are needed
|
||||
to access the data in Azure.
|
||||
|
||||
* `environment` specifies the Azure **ENVIRONMENT**.
|
||||
|
||||
* `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
|
||||
If **ZONES** is omitted, then fallthrough happens for all zones for which the plugin is
|
||||
authoritative.
|
||||
|
||||
* `access` specifies if the zone is `public` or `private`. Default is `public`.
|
||||
|
||||
## Examples
|
||||
|
||||
Enable the *azure* plugin with Azure credentials for private zones `example.org`, `example.private`:
|
||||
|
||||
~~~ txt
|
||||
example.org {
|
||||
azure resource_group_foo:example.org resource_group_foo:example.private {
|
||||
tenant 123abc-123abc-123abc-123abc
|
||||
client 123abc-123abc-123abc-234xyz
|
||||
subscription 123abc-123abc-123abc-563abc
|
||||
secret mysecret
|
||||
access private
|
||||
}
|
||||
}
|
||||
~~~
|
||||
|
||||
## See Also
|
||||
|
||||
The [Azure DNS Overview](https://docs.microsoft.com/en-us/azure/dns/dns-overview).
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue