Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/wl4g/xcloud-dopaas-coredns

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/wl4g/xcloud-dopaas-coredns

  • v1.7.0-st
  • Source
  • Go
  • Socket score

Version published
Created
Source

CoreDNS enterprise plugin for DoPaaS

That can obtain zone resolution records from redis-cluster, it can be integrated with DoPaaS https://github.com/wl4g/dopaas, provides DoPaaS unified management web GUI.

English version goes here

Developer Guide

Configuration example

For more configuration items, please refer to the coredns official website. For example, we give a general example:

.:53 {
    loadbalance round_robin
    # Load zones records from local /etc/hosts.
    hosts {
        fallthrough
    }
    # Load zones records from redis-cluster(default settings).
    coredns_gdns {
        address localhost:6379,localhost:6380,localhost:6381,localhost:7379,localhost:7380,localhost:7381
        password "123456"
        connect_timeout 5000
        read_timeout 10000
        write_timeout 5000
        max_retries 10
        pool_size 10
        ttl 360
        prefix _coredns:
        local_cache_expire_ms 5000
    }
    # Up recursive DNS query server list.
    # e.g. Google dns servers: 8.8.8.8, china telecom dns servers: 114.114.114.114,202.96.134.133,202.96.212.68
    #forward . 8.8.8.8 114.114.114.114 {
    #  tls_servername dns.google
    #  force_tcp
    #  max_fails 3
    #  expire 10s
    #  health_check 5s
    #  policy sequential
    #  except www.baidu.com
    #}
    forward . 202.96.134.133 202.96.212.68 # In china
    reload 6s
    log . "{local}:{port} - {>id} '{type} {class} {name} {proto} {size} {>do} {>bufsize}' {rcode} {>rflags} {rsize} {duration}"
    errors
}
  • address redis cluster node address host:port or ip:port, default: localhost:6379,localhost:6380,localhost:6381,localhost:7379,localhost:7380,localhost:7381
  • password redis cluster password, default: empty
  • connect_timeout connection timeout time, default: 5000ms
  • read_timeout data read timeout, default: 10000ms
  • write_timeout data write timeout, default: 5000ms
  • max_retries Maximum number of retries, default: 10
  • pool_size redis connection pool size, default: 10
  • ttl zones resolve cache ttl, default: 360sec
  • prefix zones resolution record data is stored in redis-cluster key prefix, default: _coredns:
  • local_cache_expire_ms zones resolving and record the validity period of the local cache, default: 5000ms (Note: In order to improve performance, the loading sequence of zones map data is in order: localCache -> redisCache -> db)

Reverse resolution

Currently does not support direction resolution

Proxy resolution

Currently does not support direction resolution

Zones resolving records are stored in redis-cluster data format

Each zone is stored as a hash map in redis-cluster, with zone as the key. Note: According to the https://tools.ietf.org/html/rfc6763 protocol, it ends with a "." suffix. Such as:

redis-cli>KEYS *
1) "example.com."
2) "example.net."
redis-cli>
dns RRs

Stored in redis cluster in json string format, @ is used for RR value of the region itself. Such as:

A
{
    "a":{
        "ip": "1.2.3.4",
        "ttl": 360
    }
}
AAAA
{
    "aaaa":{
        "ip": "::1",
        "ttl": 360
    }
}
CNAME
{
    "cname":{
        "host": "x.example.com.",
        "ttl": 360
    }
}
TXT
{
    "TXT":{
        "text": "this is a text",
        "ttl": 360
    }
}
NS
{
    "ns":{
        "host": "ns1.example.com.",
        "ttl": 360
    }
}
MX
{
    "mx":{
        "host": "mx1.example.com",
        "priority": 10,
        "ttl": 360
    }
}
SRV
{
    "srv":{
        "host": "sip.example.com.",
        "port": 555,
        "priority": 10,
        "weight": 100,
        "ttl": 360
    }
}
SOA
{
    "soa":{
        "ttl": 100,
        "mbox": "hostmaster.example.com.",
        "ns": "ns1.example.com.",
        "refresh": 44,
        "retry": 55,
        "expire": 66
    }
}
CAA
{
    "caa":{
        "flag": 0,
        "tag": "issue",
        "value": "letsencrypt.org"
    }
}

Parsing example

$ORIGIN example.net.
 example.net. 300 IN SOA <SOA RDATA>
 example.net. 300 NS ns1.example.net.
 example.net. 300 NS ns2.example.net.
 *.example.net. 300 TXT "this is a wildcard"
 *.example.net. 300 MX 10 host1.example.net.
 sub.*.example.net. 300 TXT "this is not a wildcard"
 host1.example.net. 300 A 5.5.5.5
 _ssh.tcp.host1.example.net. 300 SRV <SRV RDATA>
 _ssh.tcp.host2.example.net. 300 SRV <SRV RDATA>
 subdel.example.net. 300 NS ns1.subdel.example.net.
 subdel.example.net. 300 NS ns2.subdel.example.net.
 host2.example.net CAA 0 issue "letsencrypt.org"

The above zone data should be stored in redis-cluster as follows:

redis-cli> hgetall example.net.
 1) "_ssh._tcp.host1"
 2) "{\"srv\":[{\"ttl\":300, \"target\":\"tcp.example.com.\",\"port\":123,\"priority\" :10,\"weight\":100}]}"
 3) "*"
 4) "{\"txt\":[{\"ttl\":300, \"text\":\"this is a wildcard\"}],\"mx\":[{\"ttl\" :300, \"host\":\"host1.example.net.\",\"preference\": 10}]}"
 5) "host1"
 6) "{\"a\":[{\"ttl\":300, \"ip\":\"5.5.5.5\"}]}"
 7) "sub.*"
 8) "{\"txt\":[{\"ttl\":300, \"text\":\"this is not a wildcard\"}]}"
 9) "_ssh._tcp.host2"
10) "{\"srv\":[{\"ttl\":300, \"target\":\"tcp.example.com.\",\"port\":123,\"priority\" :10,\"weight\":100}]}"
11) "subdel"
12) "{\"ns\":[{\"ttl\":300, \"host\":\"ns1.subdel.example.net.\"},{\"ttl\":300, \ "host\":\"ns2.subdel.example.net.\"}]}"
13) "@"
14) "{\"soa\":{\"ttl\":300, \"minttl\":100, \"mbox\":\"hostmaster.example.net.\",\"ns\": \"ns1.example.net.\",\"refresh\":44,\"retry\":55,\"expire\":66},\"ns\":[{\"ttl\": 300, \"host\":\"ns1.example.net.\"},{\"ttl\":300, \"host\":\"ns2.example.net.\"}]}"
15) "host2"
16)"{\"caa\":[{\"flag\":0, \"tag\":\"issue\", \"value\":\"letsencrypt.org\"}]}"
redis-cli>

Other Tools

FAQs

Package last updated on 25 Jul 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc