Merge branch 'coredns:master' into master

.circleci/config.yml

@@ -18,7 +18,7 @@ initWorkingDir: &initWorkingDir
 
 integrationDefaults: &integrationDefaults
   machine:
-    image: ubuntu-2004:202201-02
+    image: ubuntu-2004:2022.04.2
   working_directory: ~/go/src/${CIRCLE_PROJECT_USERNAME}/coredns
   environment:
     - K8S_VERSION: v1.22.0

.github/workflows/cifuzz.yml

@@ -20,7 +20,7 @@ jobs:
           fuzz-seconds: 600
           dry-run: false
       - name: Upload Crash
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
         if: failure() && steps.build.outcome == 'success'
         with:
           name: artifacts

.github/workflows/codeql-analysis.yml

@@ -30,12 +30,12 @@ jobs:
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2f58583a1b24a7d3c7034f6bf9fa506d23b1183b
+        uses: github/codeql-action/init@3e7e3b32d0fb8283594bb0a76cc60a00918b0969
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2f58583a1b24a7d3c7034f6bf9fa506d23b1183b
+        uses: github/codeql-action/autobuild@3e7e3b32d0fb8283594bb0a76cc60a00918b0969
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2f58583a1b24a7d3c7034f6bf9fa506d23b1183b
+        uses: github/codeql-action/analyze@3e7e3b32d0fb8283594bb0a76cc60a00918b0969

.github/workflows/depsreview.yml

@@ -11,4 +11,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3f943b86c9a289f4e632c632695e2e0898d9d67d
+        uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744

.github/workflows/go.coverage.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
         id: go

.github/workflows/go.test.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
         id: go
@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
         id: go
@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
         id: go

.github/workflows/go.tidy.yml

@@ -13,7 +13,7 @@ jobs:
       contents: write
     steps:
       - name: Install Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
         id: go

.github/workflows/golangci-lint.yml

@@ -0,0 +1,16 @@
+name: golangci-lint
+on:
+  pull_request:
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
+        with:
+          go-version: '1.18'
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.46.2

.github/workflows/make.doc.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
 
       - name: Setup Go
-        uses: actions/setup-go@fcdc43634adb5f7ae75a9d7a9b9361790f7293e2
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
         with:
           go-version: '1.18.0'
 

.github/workflows/scorecards.yml

@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1
+        uses: ossf/scorecard-action@ce330fde6b1a5c9c75b417e7efc510b822a35564
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,14 +42,14 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2f58583a1b24a7d3c7034f6bf9fa506d23b1183b
+        uses: github/codeql-action/upload-sarif@3e7e3b32d0fb8283594bb0a76cc60a00918b0969
         with:
           sarif_file: results.sarif

.github/workflows/stale.yml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@3cc123766321e9f15a6676375c154ccffb12a358
+      - uses: actions/stale@532554b8a8498a0e006fbcde824b048728c4178f
         with:
           stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days'
           stale-pr-message: 'This pull request is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days'

.golangci.yml

@@ -0,0 +1,13 @@
+run:
+  timeout: 5m
+linters:
+  disable-all: true
+  enable:
+    - deadcode
+    - govet
+    - ineffassign
+    - staticcheck
+    - structcheck
+    - typecheck
+    - varcheck
+    - whitespace

CODEOWNERS

@@ -1,6 +1,6 @@
 # @miekg, [email protected], project lead: 11/11/2022
 
-*                       @bradbeam @chrisohaver @dilyevsky @jameshartig @greenpau @isolus @johnbelamaric @miekg @pmoroney @rajansandeep @stp-ip @superq @yongtang
+*                       @bradbeam @chrisohaver @dilyevsky @jameshartig @greenpau @isolus @johnbelamaric @miekg @pmoroney @rajansandeep @stp-ip @superq @yongtang @Tantalor93
 
 /.circleci/             @miekg @chrisohaver @rajansandeep
 /plugin/pkg/            @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
@@ -12,45 +12,46 @@ go.sum                  @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
 go.mod                  @miekg @chrisohaver @johnbelamaric @yongtang @stp-ip
 
 /plugin/acl/            @miekg @ihac
-/plugin/any/            @miekg
+/plugin/any/            @miekg @yongtang
 /plugin/auto/           @miekg @stp-ip
 /plugin/autopath/       @chrisohaver @miekg
 /plugin/azure/          @miekg @yongtang @darshanime
 /plugin/bind/           @miekg
 /plugin/bufsize/        @ykhr53
-/plugin/cache/          @miekg
+/plugin/cache/          @miekg @chrisohaver
 /plugin/cancel/         @miekg
 /plugin/chaos/          @miekg @zouyee
 /plugin/clouddns/       @miekg @yongtang
 /plugin/dns64           @superq
 /plugin/dnssec/         @isolus @miekg
 /plugin/dnstap/         @varyoo @yongtang
 /plugin/erratic/        @miekg
-/plugin/errors/         @miekg
+/plugin/errors/         @miekg @Tantalor93
 /plugin/etcd/           @miekg @nitisht
 /plugin/file/           @miekg @yongtang @stp-ip
-/plugin/forward/        @johnbelamaric @miekg @rdrozhdzh
+/plugin/forward/        @johnbelamaric @miekg @rdrozhdzh @Tantalor93 @chrisohaver
 /plugin/geoip/          @miekg @snebel29
 /plugin/grpc/           @inigohu @miekg @zouyee
 /plugin/health/         @jameshartig @miekg @zouyee
 /plugin/header/         @miekg @mqasimsarfraz
 /plugin/hosts/          @johnbelamaric @pmoroney
-/plugin/k8s_external/   @miekg
+/plugin/k8s_external/   @miekg @chrisohaver
 /plugin/kubernetes/     @bradbeam @chrisohaver @johnbelamaric @miekg @rajansandeep @yongtang @zouyee
 /plugin/loadbalance/    @miekg
-/plugin/log/            @miekg @nchrisdk
+/plugin/log/            @miekg @nchrisdk @Tantalor93
 /plugin/loop/           @miekg @chrisohaver
-/plugin/metadata/       @ekleiner @miekg
-/plugin/metrics/        @jameshartig @miekg @superq @greenpau
+/plugin/metadata/       @ekleiner @miekg @Tantalor93
+/plugin/metrics/        @jameshartig @miekg @superq @greenpau @Tantalor93
 /plugin/nsid/           @yongtang
 /plugin/pprof/          @miekg @zouyee
 /plugin/reload/         @johnbelamaric
 /plugin/rewrite/        @greenpau @johnbelamaric
-/plugin/root/           @miekg
+/plugin/root/           @miekg @yongtang
 /plugin/route53/        @yongtang @dilyevsky
 /plugin/secondary/      @bradbeam @miekg
 /plugin/template/       @rtreffer
 /plugin/tls/            @johnbelamaric
-/plugin/trace/          @johnbelamaric @zouyee
+/plugin/trace/          @johnbelamaric @zouyee @Tantalor93
 /plugin/transfer/       @miekg @chrisohaver
-/plugin/whoami/         @miekg @chrisohaver
+/plugin/tsig/           @chrisohaver
+/plugin/whoami/         @miekg @chrisohaver @yongtang

README.md

@@ -73,7 +73,7 @@ CoreDNS requires Go to compile. However, if you already have docker installed an
 setup a Go environment, you could build CoreDNS easily:
 
 ```
-$ docker run --rm -i -t -v $PWD:/v -w /v golang:1.17 make
+$ docker run --rm -i -t -v $PWD:/v -w /v golang:1.18 make
 ```
 
 The above command alone will have `coredns` binary generated.

core/dnsserver/address.go

@@ -49,7 +49,6 @@ func newOverlapZone() *zoneOverlap {
 // registerAndCheck adds a new zoneAddr for validation, it returns information about existing or overlapping with already registered
 // we consider that an unbound address is overlapping all bound addresses for same zone, same port
 func (zo *zoneOverlap) registerAndCheck(z zoneAddr) (existingZone *zoneAddr, overlappingZone *zoneAddr) {
-
 	if exist, ok := zo.registeredAddr[z]; ok {
 		// exact same zone already registered
 		return &exist, nil

core/dnsserver/address_test.go

@@ -43,7 +43,6 @@ func TestSplitProtocolHostPort(t *testing.T) {
 		if port != test.port {
 			t.Errorf("Test %d: (address = %s) expected port with value %s but got %s", i, test.input, test.port, port)
 		}
-
 	}
 }
 
@@ -92,7 +91,6 @@ func TestOverlapAddressChecker(t *testing.T) {
 		},
 		},
 	} {
-
 		checker := newOverlapZone()
 		for _, call := range test.sequence {
 			same, overlap := checker.registerAndCheck(call.zone)
@@ -108,10 +106,8 @@ func TestOverlapAddressChecker(t *testing.T) {
 					if overlap.String() != call.overlapKey {
 						t.Errorf("Test %d: error, for zone %s, 'overlap Key' (%v) has not the expected value (%v)", i, sZone, overlap.String(), call.overlapKey)
 					}
-
 				}
 			}
-
 		}
 	}
 }

core/dnsserver/config.go

@@ -28,6 +28,9 @@ type Config struct {
 	// Debug controls the panic/recover mechanism that is enabled by default.
 	Debug bool
 
+	// Stacktrace controls including stacktrace as part of log from recover mechanism, it is disabled by default.
+	Stacktrace bool
+
 	// The transport we implement, normally just "dns" over TCP/UDP, but could be
 	// DNS-over-TLS or DNS-over-gRPC.
 	Transport string
@@ -40,6 +43,9 @@ type Config struct {
 	// TLSConfig when listening for encrypted connections (gRPC, DNS-over-TLS).
 	TLSConfig *tls.Config
 
+	// TSIG secrets, [name]key.
+	TsigSecret map[string]string
+
 	// Plugin stack.
 	Plugin []plugin.Plugin
 

core/dnsserver/onstartup.go

@@ -2,9 +2,22 @@ package dnsserver
 
 import (
 	"fmt"
+	"regexp"
 	"sort"
+
+	"github.com/coredns/coredns/plugin/pkg/dnsutil"
 )
 
+// checkZoneSyntax() checks whether the given string match 1035 Preferred Syntax or not.
+// The root zone, and all reverse zones always return true even though they technically don't meet 1035 Preferred Syntax
+func checkZoneSyntax(zone string) bool {
+	if zone == "." || dnsutil.IsReverse(zone) != 0 {
+		return true
+	}
+	regex1035PreferredSyntax, _ := regexp.MatchString(`^(([A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?)\.)+$`, zone)
+	return regex1035PreferredSyntax
+}
+
 // startUpZones creates the text that we show when starting up:
 // grpc://example.com.:1055
 // example.com.:1053 on 127.0.0.1
@@ -13,13 +26,17 @@ func startUpZones(protocol, addr string, zones map[string]*Config) string {
 
 	keys := make([]string, len(zones))
 	i := 0
+
 	for k := range zones {
 		keys[i] = k
 		i++
 	}
 	sort.Strings(keys)
 
 	for _, zone := range keys {
+		if !checkZoneSyntax(zone) {
+			s += fmt.Sprintf("Warning: Domain %q does not follow RFC1035 preferred syntax\n", zone)
+		}
 		// split addr into protocol, IP and Port
 		_, ip, port, err := SplitProtocolHostPort(addr)
 

core/dnsserver/onstartup_test.go

@@ -0,0 +1,39 @@
+package dnsserver
+
+import (
+	"testing"
+)
+
+func TestRegex1035PrefSyntax(t *testing.T) {
+	testCases := []struct {
+		zone     string
+		expected bool
+	}{
+		{zone: ".", expected: true},
+		{zone: "example.com.", expected: true},
+		{zone: "example.", expected: true},
+		{zone: "example123.", expected: true},
+		{zone: "example123.com.", expected: true},
+		{zone: "abc-123.com.", expected: true},
+		{zone: "an-example.com.", expected: true},
+		{zone: "a.example.com.", expected: true},
+		{zone: "1.0.0.2.ip6.arpa.", expected: true},
+		{zone: "0.10.in-addr.arpa.", expected: true},
+		{zone: "example", expected: false},
+		{zone: "example:.", expected: false},
+		{zone: "-example.com.", expected: false},
+		{zone: ".example.com.", expected: false},
+		{zone: "1.example.com", expected: false},
+		{zone: "abc.123-xyz.", expected: false},
+		{zone: "example-?&^%$.com.", expected: false},
+		{zone: "abc-.example.com.", expected: false},
+		{zone: "abc-%$.example.com.", expected: false},
+		{zone: "123-abc.example.com.", expected: false},
+	}
+
+	for _, testCase := range testCases {
+		if checkZoneSyntax(testCase.zone) != testCase.expected {
+			t.Errorf("Expected %v for %q", testCase.expected, testCase.zone)
+		}
+	}
+}