reload
2023-08-16 · via reload on CoreDNS: DNS and Service Discovery

Description

This plugin allows automatic reload of a changed Corefile. To enable automatic reloading of zone file changes, use the auto plugin.

This plugin periodically checks if the Corefile has changed by reading it and calculating its SHA512 checksum. If the file has changed, it reloads CoreDNS with the new Corefile. This eliminates the need to send a SIGHUP or SIGUSR1 after changing the Corefile.

The reloads are graceful - you should not see any loss of service when the reload happens. Even if the new Corefile has an error, CoreDNS will continue to run the old config and an error message will be printed to the log. But see the Bugs section for failure modes.

In some environments (for example, Kubernetes), there may be many CoreDNS instances that started very near the same time and all share a common Corefile. To prevent these all from reloading at the same time, some jitter is added to the reload check interval. This is jitter from the perspective of multiple CoreDNS instances; each instance still checks on a regular interval, but all of these instances will have their reloads spread out across the jitter duration. This isn’t strictly necessary given that the reloads are graceful, and can be disabled by setting the jitter to 0s.

Jitter is re-calculated whenever the Corefile is reloaded.

This plugin can only be used once per Server Block.

Syntax

reload [INTERVAL] [JITTER]

The plugin will check for changes every INTERVAL, subject to +/- the JITTER duration.

  • INTERVAL and JITTER are Golang durations. The default INTERVAL is 30s and the default JITTER is 15s; the minimal value for INTERVAL is 2s, and for JITTER it is 1s. If JITTER is more than half of INTERVAL, it will be set to half of INTERVAL.

Examples

Check with the default intervals:

. {
    reload
    erratic
}

Check every 10 seconds (jitter is automatically set to 10 / 2 = 5 in this case):

. {
    reload 10s
    erratic
}

Bugs

The reload happens without data loss (i.e. DNS queries keep flowing), but there is a corner case where the reload fails, and you lose functionality. Consider the following Corefile:

. {
	health :8080
	whoami
}

CoreDNS starts and serves health from :8080. Now you change :8080 to :443 not knowing a process is already listening on that port. The process reloads and performs the following steps:

  1. close the listener on 8080
  2. reload and parse the config again
  3. fail to start a new listener on 443
  4. fail loading the new Corefile, abort and keep using the old process

After the aborted reload attempt, the old process is still running, but its listener was closed in step 1, so the health endpoint is broken. The same can happen in the prometheus plugin.

In general, be careful when assigning a new port and expecting reload to work fully.

In CoreDNS v1.6.0 and earlier, import statements are not discovered by this plugin. This means that if any of the imported files changes, the reload plugin does not notice. CoreDNS v1.7.0 and later parses the Corefile and detects changes in imported files.
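Why a checksum over the Corefile alone misses changes in imported files, as an added Go example that is not CoreDNS code. It is a simplified model over constructed in-memory files that follows only literal `import <path>` lines; `sampleFiles` and `digest` are hypothetical names.

```go
package main

import (
	"crypto/sha512"
	"fmt"
	"strings"
)

// sampleFiles is a constructed in-memory stand-in for the config directory.
func sampleFiles() map[string]string {
	return map[string]string{
		"Corefile":    ". {\n    reload 10s\n    import common.conf\n}\n",
		"common.conf": "forward . 192.0.2.53\n",
	}
}

// digest returns a SHA512 over the named file's path and content. With
// followImports it also covers files named by literal "import <path>" lines
// (globs and snippets are not modelled here).
func digest(fs map[string]string, name string, followImports bool) string {
	h := sha512.New()
	seen := map[string]bool{}
	var walk func(n string)
	walk = func(n string) {
		if seen[n] {
			return // import cycle guard
		}
		seen[n] = true
		h.Write([]byte(n + "\x00" + fs[n] + "\x00"))
		for _, line := range strings.Split(fs[n], "\n") {
			f := strings.Fields(line)
			if followImports && len(f) == 2 && f[0] == "import" {
				walk(f[1])
			}
		}
	}
	walk(name)
	return fmt.Sprintf("%x", h.Sum(nil))
}

func main() {
	fs := sampleFiles()
	plain, aware := digest(fs, "Corefile", false), digest(fs, "Corefile", true)
	fs["common.conf"] = "forward . 198.51.100.53\n" // only the imported file changes
	fmt.Println("Corefile-only digest changed:", digest(fs, "Corefile", false) != plain)
	fmt.Println("import-aware digest changed: ", digest(fs, "Corefile", true) != aware)
}
```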

Metrics

If monitoring is enabled (via the prometheus plugin) then the following metrics are exported:

  • coredns_reload_failed_total{} - counts the number of failed reload attempts.
  • coredns_reload_version_info{hash, value} - records the hash value during reload.

Currently the type of hash is “sha512”, the value is the returned hash value.
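One way to alert on these two metrics, as an added Go example that is not part of the CoreDNS project: it compares consecutive scrapes and reports failed reloads and hash changes that do not match an expected value. The scrape text, the shortened hash values, and the names `parse`, `compare` and `approved` are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Constructed scrapes of the metrics endpoint; real sha512 values are 128 hex chars.
const (
	scrapeA = "coredns_reload_failed_total 0\ncoredns_reload_version_info{hash=\"sha512\",value=\"0a1b2c\"} 1\n"
	scrapeB = "coredns_reload_failed_total 0\ncoredns_reload_version_info{hash=\"sha512\",value=\"ffee99\"} 1\n"
	scrapeC = "coredns_reload_failed_total 1\ncoredns_reload_version_info{hash=\"sha512\",value=\"ffee99\"} 1\n"
)
var failedRe = regexp.MustCompile(`(?m)^coredns_reload_failed_total(?:\{[^}]*\})? (\S+)`)
var hashRe = regexp.MustCompile(`(?m)^coredns_reload_version_info\{[^}]*value="([0-9a-f]+)"`)

type state struct {
	failed float64 // failed reload attempts so far
	hash   string  // value label recorded at the last reload
}

// parse extracts the two reload metrics from Prometheus text exposition output.
func parse(scrape string) (s state) {
	if m := failedRe.FindStringSubmatch(scrape); m != nil {
		s.failed, _ = strconv.ParseFloat(m[1], 64)
	}
	if m := hashRe.FindStringSubmatch(scrape); m != nil {
		s.hash = m[1]
	}
	return s
}

// compare reports events between two scrapes; approved is a hypothetical expected hash.
func compare(prev, cur state, approved string) []string {
	var out []string
	if cur.failed > prev.failed {
		out = append(out, "reload failed: verify the health and prometheus listeners still answer")
	}
	if cur.hash != prev.hash && cur.hash != approved {
		out = append(out, "configuration hash changed to unapproved value "+cur.hash)
	}
	return out
}

func main() {
	a, b, c := parse(scrapeA), parse(scrapeB), parse(scrapeC)
	fmt.Println(compare(a, b, "0a1b2c"), compare(b, c, "ffee99"))
}
```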

See Also

See coredns-import(7) and corefile(5).