coredns / unbound Goto Github PK

View Code? Open in Web Editor NEW

36.0 9.0 21.0 45 KB

CoreDNS plugin that performs recursive queries using libunbound

License: Apache License 2.0

Go 96.95% Makefile 3.05%

unbound's Introduction

unbound

Name

unbound - perform recursive queries using libunbound.

Description

Via unbound you can perform recursive queries. Unbound uses DNSSEC by default when resolving and it returns those records (DNSKEY, RRSIG, NSEC and NSEC3) back to the clients. The unbound plugin will remove those records when a client didn't ask for it. The internal (RR) answer cache of Unbound is disabled, so you may want to use the cache plugin.

Libunbound can be configured via (a subset of) options, currently the following are set, by default:

msg-cache-size, set to 0
rrset-cache-size, set to 0

This plugin can only be used once per Server Block.

Syntax

unbound [FROM]

FROM is the base domain to match for the request to be resolved. If not specified the zones from the server block are used.

More features utilized with an expanded syntax:

unbound [FROM] {
    except IGNORED_NAMES...
    option NAME VALUE
    config FILENAME
}

FROM as above.
IGNORED_NAMES in except is a space-separated list of domains to exclude from resolving.
option allows setting some unbound options (see unbound.conf(5)), this can be specified multiple times.
config allows one to supply an unbound.conf file to configure unbound. Note: The unbound configuration file still needs to be populated inside a docker container.

Metrics

If monitoring is enabled (via the prometheus directive) then the following metric is exported:

coredns_unbound_request_duration_seconds{server} - duration per query.
coredns_unbound_response_rcode_count_total{server, rcode} - count of RCODEs.

The server label indicates which server handled the request, see the metrics plugin for details.

Examples

Resolve queries for all domains:

. {
    unbound
}

Resolve all queries within example.org.

. {
    unbound example.org
}

example.org {
    unbound
}

Resolve everything except queries for example.org (or below):

. {
    unbound {
        except example.org
    }
}

Enable DNS Query Name Minimisation by setting the option:

. {
    unbound {
        option qname-minimisation yes
    }
}

Compiling into CoreDNS

To compile this with CoreDNS you can follow the normal procedure for external plugins, except that you need to compile it with cgo. This means setting CGO_ENABLED=1 when running go build.

Bugs

The unbound plugin depends on libunbound(3) which is C library, to compile this you have a dependency on C and cgo. You can't compile CoreDNS completely static. For compilation you also need the libunbound source code installed (libunbound-dev on Debian).

DNSSEC validation is not supported (yet). There is also no (documented) way of configuration a trust anchor.

unbound's People

Stargazers

Watchers

Forkers

hickey tomsanbear fuhry andrewlouisx devopstoday11 neeravkumar cloudflare isabella232 n0rad avapnofoundation chrisohaver sarandafl littleairmada linuxsuren acidburn0zzz guarandoo giantswarm fedor-git

unbound's Issues

Build error

Build failed with the following error.

github.com/coredns/unbound
# github.com/coredns/unbound
../unbound/unbound.go:127:23: assignment mismatch: 2 variables but 1 values
github.com/mholt/caddy/vendor/github.com/google/uuid
Makefile:16: recipe for target 'coredns' failed
make: *** [coredns] Error 2

How to reproduce:

# docker run -ti golang:1.11
# apt update && apt install -y libunbound-dev
# go get -d -u github.com/coredns/coredns
# go get -d -u github.com/coredns/unbound
# cd $GOPATH/src/github.com/coredns/coredns
# echo "unbound:github.com/coredns/unbound" >> plugin.cfg
# go generate
# make CGO_ENABLED=1

panic: runtime error: index out of range [0] with length 0

What happened:

Facing panic: runtime error: index out of range [0] with length 0

What you expected to happen:

No runtime panic.

How to reproduce it (as minimally and precisely as possible):

Do not know - happens periodically.

Anything else we need to know?:

Dockerfile:

FROM golang:1.17.6-bullseye AS builder

ARG COREDNS_VERSION=1.9.0
ARG UNBOUND_PLUGIN_VERSION=0.0.7

ARG CGO_ENABLED=1

WORKDIR /coredns

RUN apt-get update \
    && apt-get install -y --no-install-recommends libunbound-dev \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/* \
    && curl -L -s https://github.com/coredns/coredns/archive/refs/tags/v${COREDNS_VERSION}.tar.gz | tar --strip-components=1 -xzf - -C . \
    && go get "github.com/coredns/unbound@v${UNBOUND_PLUGIN_VERSION}" \
    && echo "unbound:github.com/coredns/unbound" >> plugin.cfg \
    && go generate \
    && go build


FROM debian:11.2-slim

RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates libunbound8 \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

COPY --from=builder /coredns/coredns /opt/coredns

CMD ["/opt/coredns"]

Environment:

the version of CoreDNS: 1.9.0
Corefile:

# Managed by puppet
(common) {
  errors
  log
  prometheus 0.0.0.0:9253
}

(acl_trusted) {
  acl {
    # Some allow net with private and public IPs which I will not reveal
    block
  }
}

. {
    import common
    reload
    cache 3600
    unbound
    debug
}

local. {
    import common
    import acl_trusted
}

xxx.local. {
    import common
    import acl_trusted
    cache 3600
    forward xxx.local. 10.1.1.101 10.1.1.102
}

acme.local. {
    import common
    file zones/acme.local.db {
        reload 10s
    }
}

logs, if applicable:

2022-02-10T14:12:17.2839 193.9.249.145 coredns  panic: runtime error: index out of range [0] with length 0                          
2022-02-10T14:12:17.2839 193.9.249.145 coredns
2022-02-10T14:12:17.2839 193.9.249.145 coredns  goroutine 879 [running]:
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/cache.key({0xc000748258, 0x9b87f4}, 0xc00000e5e8, 0x0)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/cache/cache.go:78 +0x85
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/cache.(*ResponseWriter).WriteMsg(0xc00016a6c0, 0xc0005cf5f0)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/cache/cache.go:149 +0xd9
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/unbound.(*Unbound).ServeDNS(0xc00014ae10, {0x22c4df8, 0xc000710a20}, {0x22f
6fc8, 0xc00016a6c0}, 0xc0007093b0)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /go/pkg/mod/github.com/coredns/[email protected]/unbound.go:140 +0x538
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin.NextOrFailure({0x1ebf0d6, 0xc000103000}, {0x22a7df8, 0xc0001
4ae10}, {0x22c4df8, 0xc000710a20}, {0x22f6fc8, 0xc00016a6c0}, 0x1e55440)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/plugin.go:80 +0x264
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/cache.(*Cache).doRefresh(0xc000623ef0, {0x22c4df8, 0xc000710
a20}, {0xc0007093b0, {0x22f7230, 0xc000d0d540}, {0x0, 0x0}, 0x200, 0x0, ...}, ...)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/cache/handler.go:77 +0xd9
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/cache.(*Cache).ServeDNS(0xc000623ef0, {0x22c4df8, 0xc000710a
20}, {0x22f7230, 0xc000d0d540}, 0xc000079740)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/cache/handler.go:43 +0x90e
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin.NextOrFailure({0x1ebdb91, 0x1}, {0x22a7718, 0xc000623ef0}, {
0x22c4df8, 0xc000710a20}, {0x22f7230, 0xc000d0d540}, 0x4444e5)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/plugin.go:80 +0x264
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/log.Logger.ServeDNS({{0x22a7718, 0xc000623ef0}, {0xc00064c9f
0, 0x1, 0x1}, {}}, {0x22c4df8, 0xc000710a20}, {0x22f7180, 0xc000d0d500}, ...)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/log/log.go:36 +0x346
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin.NextOrFailure({0x1ec067e, 0xc000748258}, {0x22ad230, 0xc0006
8f2f0}, {0x22c4df8, 0xc000710a20}, {0x22f7180, 0xc000d0d500}, 0x400)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/plugin.go:80 +0x264
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin/errors.(*errorHandler).ServeDNS(0xc00064c900, {0x22c4df8, 0x
c000710a20}, {0x22f7180, 0xc000d0d500}, 0xc000709320)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/errors/errors.go:84 +0x87
2022-02-10T14:12:17.2839 193.9.249.145 coredns  github.com/coredns/coredns/plugin.NextOrFailure({0x1ec6d92, 0x1}, {0x22a77b8, 0xc00064c900}, {
0x22c4df8, 0xc000710a20}, {0x22f7180, 0xc000d0d500}, 0x0)
2022-02-10T14:12:17.2839 193.9.249.145 coredns          /coredns/plugin/plugin.go:80 +0x264
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/coredns/coredns/plugin/metrics.(*Metrics).ServeDNS(0xc000622cf0, {0x22c4df710a20}, {0x22f7338, 0xc00000e5e8}, 0xc000709320)
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /coredns/plugin/metrics/handler.go:27 +0x255
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/coredns/coredns/core/dnsserver.(*Server).ServeDNS(0xc00012ef60, {0x22c4df8, 0xc0007
10a20}, {0x22f7338, 0xc00000e5e8}, 0xc000709320)
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /coredns/core/dnsserver/server.go:280 +0x64d
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/coredns/coredns/core/dnsserver.(*Server).ServePacket.func1({0x22f8e08, 0xc000862a80
}, 0xc000709301)
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /coredns/core/dnsserver/server.go:128 +0x9b
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/miekg/dns.HandlerFunc.ServeDNS(0xc0002dea00, {0x22f8e08, 0xc000862a80}, 0xc00070932
0)
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /go/pkg/mod/github.com/miekg/[email protected]/server.go:37 +0x2f
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/miekg/dns.(*Server).serveDNS(0xc000712360, {0xc0002dea00, 0x27, 0x0}, 0xc000862a80)
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /go/pkg/mod/github.com/miekg/[email protected]/server.go:659 +0x43e
2022-02-10T14:12:17.2842 193.9.249.145 coredns  github.com/miekg/dns.(*Server).serveUDPPacket(0xc000712360, 0x0, {0xc0002dea00, 0x27, 0x200},
{0x22ea3f0, 0xc000010198}, 0xc0003ec6c0, {0x0, 0x0})
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /go/pkg/mod/github.com/miekg/[email protected]/server.go:603 +0x1dc
2022-02-10T14:12:17.2842 193.9.249.145 coredns  created by github.com/miekg/dns.(*Server).serveUDP
2022-02-10T14:12:17.2842 193.9.249.145 coredns          /go/pkg/mod/github.com/miekg/[email protected]/server.go:533 +0x485

OS (e.g: cat /etc/os-release):

NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

Others:

docker version:

Client:
 Version:           18.09.9
 API version:       1.39
 Go version:        go1.11.13
 Git commit:        039a7df9ba
 Built:             Wed Sep  4 16:51:21 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.9
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.13
  Git commit:       039a7df
  Built:            Wed Sep  4 16:22:32 2019
  OS/Arch:          linux/amd64
  Experimental:     false

crashes on some lookups

Hello,

While using coredns 1.7.0 with the config:

    .:53 {
        debug
        health {
           lameduck 5s
        }
        ready
        prometheus :9153
        unbound

        cache

        loop
        reload
    }

And querying for ipleak.net, I get a crash:

panic: runtime error: index out of range [0] with length 0

goroutine 799 [running]:
github.com/coredns/coredns/plugin/cache.key(0xc00003e190, 0xb, 0xc0003a3a70, 0x0, 0x0, 0x0, 0xc0002a4300)
	/src/coredns-1.7.0/plugin/cache/cache.go:78 +0xca
github.com/coredns/coredns/plugin/cache.(*ResponseWriter).WriteMsg(0xc0002aa300, 0xc0003a3a70, 0x1, 0x1)
	/src/coredns-1.7.0/plugin/cache/cache.go:162 +0x165
github.com/coredns/unbound.(*Unbound).ServeDNS(0xc00060e6e0, 0xdf6380, 0xc0002a4330, 0xdfdfe0, 0xc0002aa300, 0xc0002a8d80, 0xc000070bf0, 0x1, 0x1)
	/go/pkg/mod/github.com/coredns/unbound@v0.0.6/unbound.go:140 +0x4ca
github.com/coredns/coredns/plugin.NextOrFailure(0xd00513, 0x4, 0xdebe80, 0xc00060e6e0, 0xdf6380, 0xc0002a4330, 0xdfdfe0, 0xc0002aa300, 0xc0002a8d80, 0x0, ...)
	/src/coredns-1.7.0/plugin/plugin.go:80 +0xfb

If I remove the cache entry from the config, I get no crash but also an empty reply.
If I leave cache but replace unbond with forward, everything works fine

It seems to only happen on some cases, resolving google.com works fine with the above example config

[question] unbound did't work for forward.

I am using the unbound plugin of coredns.But unbound didn't work in this conf:

Corefile

.:53 {
    unbound {
       config /root/tmp/unbound.conf
    }
    log
    cache {
         success 10240 1800 
         denial 2500 600
         prefetch 8000
    }
    health :8090
    errors
    whoami
}

unbound.conf

forward-zone:
    name: "."
    forward-addr: 8.8.8.8

But when i get a record, it say:

$ dig www.google.com @localhost

; <<>> DiG 9.10.3-P4-Debian <<>> www.google.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57794
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ADDITIONAL SECTION:
www.google.com.         5       IN      A       172.17.0.1
_udp.www.google.com.    5       IN      SRV     0 0 33089 .

;; Query time: 1 msec
;; SERVER: ::1#53(::1)

;; MSG SIZE  rcvd: 111

And coredns log it:
```
[INFO] 172.17.0.1:33089 - 57794 "A IN www.google.com. udp 43 false 4096" NOERROR qr,aa,rd 100 0.000150929s
```
Coredns had loaded the unbound.conf,but i think the unbound didn't work well. So how can i make it work?

deprecated function Normalize

Hi, guys. I think unbound doesn't work for me cuz:

[WARNING] An external plugin (/go/pkg/mod/github.com/coredns/[email protected]/setup.go line 63) is using the deprecated function Normalize. This will be removed in a future versions of CoreDNS. The plugin should be updated to use OriginsFromArgsOrServerBlock or NormalizeExact instead.

I have the latest version of Coredns.
Are you planning for any updates? Or maybe can recommend any analog of this plugin?

support DNS-over-TLS

Unbound supports it, should figure what we need to make it work here as well.
May need code changes or may just work with the configuration options we currently have.

Panic error when resolving 2.0.0.127.zen.spamhaus.org.

What happened:

When I try to resolve "2.0.0.127.zen.spamhaus.org." with dig:

dig a 2.0.0.127.zen.spamhaus.org.

I see CoreDNS outputs this:

[ERROR] Recovered from panic in server: "dns://:53" runtime error: index out of range [0] with length 0

So I added "debug" plugin and here is the result:

panic: runtime error: index out of range [0] with length 0
goroutine 88 [running]:
github.com/coredns/coredns/plugin/cache.key({0xc0003743c0, 0x707b8f}, 0x4aa8c5, 0x0)
        /root/coredns2/coredns/plugin/cache/cache.go:80 +0x85
github.com/coredns/coredns/plugin/cache.(*ResponseWriter).WriteMsg(0xc0000e4840, 0xc0006158c0)
        /root/coredns2/coredns/plugin/cache/cache.go:151 +0xd9
github.com/coredns/unbound.(*Unbound).ServeDNS(0xc000100410, {0x22c7598, 0xc000661290}, {0x22f96a8, 0xc0000e4840}, 0xc0006157a0)
        /root/go/pkg/mod/github.com/coredns/[email protected]/unbound.go:140 +0x538
github.com/coredns/coredns/plugin.NextOrFailure({0x1ec14d6, 0xc00006e800}, {0x22aa560, 0xc000100410}, {0x22c7598, 0xc000661290}, {0x22f96a8, 0xc0000e4840}, 0x1e57660)
        /root/coredns2/coredns/plugin/plugin.go:80 +0x264
github.com/coredns/coredns/plugin/cache.(*Cache).doRefresh(0xc00020bb80, {0x22c7598, 0xc000661290}, {0xc0006157a0, {0x22f9910, 0xc000383240}, {0x0, 0x0}, 0x1000, 0x0, ...}, ...)
        /root/coredns2/coredns/plugin/cache/handler.go:77 +0xd9
github.com/coredns/coredns/plugin/cache.(*Cache).ServeDNS(0xc00020bb80, {0x22c7598, 0xc000661290}, {0x22f9910, 0xc000383240}, 0x0)
        /root/coredns2/coredns/plugin/cache/handler.go:43 +0x94e
github.com/coredns/coredns/plugin.NextOrFailure({0x1ebff91, 0x1}, {0x22a9e80, 0xc00020bb80}, {0x22c7598, 0xc000661290}, {0x22f9910, 0xc000383240}, 0x1c9eca0)
        /root/coredns2/coredns/plugin/plugin.go:80 +0x264
github.com/coredns/coredns/plugin/log.Logger.ServeDNS({{0x22a9e80, 0xc00020bb80}, {0xc00047e510, 0x1, 0x1}, {}}, {0x22c7598, 0xc000661290}, {0x22f9a18, 0xc000120b10}, ...)
        /root/coredns2/coredns/plugin/log/log.go:36 +0x346
github.com/coredns/coredns/core/dnsserver.(*Server).ServeDNS(0xc00036e4e0, {0x22c7598, 0xc000661290}, {0x22f9a18, 0xc000120b10}, 0xc000615710)
        /root/coredns2/coredns/core/dnsserver/server.go:280 +0x64d
github.com/coredns/coredns/core/dnsserver.(*Server).ServePacket.func1({0x22fb4e8, 0xc0001fcc00}, 0xc000615701)
        /root/coredns2/coredns/core/dnsserver/server.go:128 +0x9b
github.com/miekg/dns.HandlerFunc.ServeDNS(0xc0000e7000, {0x22fb4e8, 0xc0001fcc00}, 0xc000615710)
        /root/go/pkg/mod/github.com/miekg/[email protected]/server.go:37 +0x2f
github.com/miekg/dns.(*Server).serveDNS(0xc000618900, {0xc0000e7000, 0x43, 0x0}, 0xc0001fcc00)
        /root/go/pkg/mod/github.com/miekg/[email protected]/server.go:659 +0x43e
github.com/miekg/dns.(*Server).serveUDPPacket(0xc000618900, 0x0, {0xc0000e7000, 0x43, 0x200}, {0x22ecad0, 0xc0003520f0}, 0xc0005cb160, {0x0, 0x0})
        /root/go/pkg/mod/github.com/miekg/[email protected]/server.go:603 +0x1dc
created by github.com/miekg/dns.(*Server).serveUDP
        /root/go/pkg/mod/github.com/miekg/[email protected]/server.go:533 +0x485

This is the Corefile I am using:

.:53 {
    unbound
    cache    
    log
}

What you expected to happen:

It should not show the panic error.

But additionally, it should show an answer same as by using 1.1.1.1:

; <<>> DiG 9.16.22-Debian <<>> A 2.0.0.127.zen.spamhaus.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53566
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;2.0.0.127.zen.spamhaus.org.    IN      A

;; ANSWER SECTION:
2.0.0.127.zen.spamhaus.org. 60  IN      A       127.0.0.2
2.0.0.127.zen.spamhaus.org. 60  IN      A       127.0.0.10
2.0.0.127.zen.spamhaus.org. 60  IN      A       127.0.0.4

;; Query time: 39 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Feb 23 00:47:17 UTC 2022
;; MSG SIZE  rcvd: 103

Instead it shows nothing (probably due to the crash), and sometimes I see this in the log:

[INFO] XXXXXXX:51176 - 61915 "A IN 2.0.0.127.zen.spamhaus.org. udp 67 false 4096" NXDOMAIN qr,rd,ra 136 0.755868575s

It is not able to resolve the DNSBL address?

How to reproduce it (as minimally and precisely as possible):

Use same Corefile as shown above and then use dig like this:

dig a 2.0.0.127.zen.spamhaus.org.

It should show the panic error, sometimes it shows the NXDOMAIN so just retry a few times.

Anything else we need to know?:

Environment:

Debian GNU/Linux 11 (bullseye)
CoreDNS-1.9.0
linux/amd64, go1.17.7

corebot test issue

testing 1

Installing recursor - too many errors (Unbound) - make: *** [Makefile:16: coredns] Error 2

Hi!

I am trying to install the recursor as per the manual instructs but I end up at this error.

When I run make i get the following error:

# github.com/miekg/unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/dns.go:12:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/dns.go:16:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/dns.go:20:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:14:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:33:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:41:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:55:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:84:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:97:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:116:10: undefined: Unbound
/root/go/pkg/mod/github.com/miekg/[email protected]/lookup.go:116:10: too many errors
make: *** [Makefile:16: coredns] Error 2

System:
Linux dns-recursor-test 5.4.0-94-generic coredns/deployment#106-Ubuntu SMP Thu Jan 6 23:58:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Any ideas?

Thank you!

Update refs to mholt/caddy -> caddyserver/caddy

setup.go:24:21: cannot use c (type *"github.com/mholt/caddy".Controller) as type *"github.com/caddyserver/caddy".Controller in argument to dnsserver.GetConfig

Crash and burn during performance test

I did performance testing on CoreDNS with Unbound DNS Recursion support yesterday evening, and im gutted 🙁

The test goes fine up until ~100 queries pr. second and then the CPU usage spins out of control to 100% and hundreds og CoreDNS processes spawn in some kind of loop until the entire thing crashes in a panic condition.

I ran the test on current master with dnsperf and standard query file. First in a build with Unbound2 on Debian Stretch, then with Unbound8 on Debian Buster to the same result.

DNSSEC

I'm not sure if libunbound does validation by default... One probably needs to configure trust anchors and things like that; would be nice to document how this is done are have some default/option that makes this works: dnssec <TRUST ANCHOR>.

Unable to set forward-addr

When trying to use the following

lab.some.domain {
     errors
     proxy 205.251.194.54 205.251.196.168 205.251.199.7 205.251.193.140
     unbound {
         option verbosity 3
         option forward-addr 10.67.13.8
     }
}

I receive a syntax error.

2018/06/18 22:53:32 plugin/unbound: failed to set option "forward-addr:" with value "10.67.13.8": syntax error

metrics

Add metrics that other proxies have. We can at least get duration as we track that.

Unbound plugin not producing log or DNSTAP events

It seems like the external unbound plugin doesn't play well with other plugins like log and dnstap.

. {
        unbound
        cache 604800 {
                prefetch 5 60m 10%
        }
        log
        dnstap tcp://127.0.0.1:6000 full
        prometheus :9252
}

When this configuration is hit - no log or dnstap events are generated - even though the DNSTAP connection is established.
Is the configuration wrong?

For non-edns0 DO bit request filter DNSSEC record

If a request does not set the DO bit we should filter out the RRSIGs (and probably NSEC/NSEC3)