Corefile on CoreDNS: DNS and Service Discovery

Corefile Explained
miek · 2017-07-24 · via Corefile on CoreDNS: DNS and Service Discovery

The Corefile is CoreDNS’s configuration file. It defines:

  • What servers listen on what ports and which protocol.
  • For which zone each server is authoritative.
  • Which plugins are loaded in a server.

To explain more, let's take a look at this “Corefile”:

ZONE:[PORT] {
    [PLUGIN]...
}

  • ZONE defines the zone of this server. The optional PORT defaults to 53, or the value of the -dns.port flag.
  • PLUGIN defines the plugin(s) we want to load. This is optional as well, but a server with no plugins will just return SERVFAIL for all queries. Each plugin can have a number of properties that can have arguments.

For example, in the next Corefile:

. {
   chaos CoreDNS-001
}

The ZONE is the root zone ., the PLUGIN is chaos. The chaos plugin does not have any properties, but it does take an argument: CoreDNS-001. This text is returned on a CH class query: dig CH txt version.bind @localhost

If CoreDNS can’t find a Corefile to load, it loads the following built-in one, which loads the whoami plugin:

. {
    whoami
}

Servers

This is the most minimal Corefile:

. { }

That defines a server to listen on port 53 and make it authoritative for the root zone and everything below. Let’s define another server that is authoritative for . (root zone) and load that:

This will make CoreDNS exit with an error:

2017/07/23 20:39:10 cannot serve dns://.:53 - zone already defined for dns://.:53

Why? Because we already defined a server on the same port for this zone. If we change the port number on the second server, thereby creating another server, it is OK:

When defining a new zone, you either create a new server, or add it to an existing one. Here we define one server that handles two zones, which can each chain different plugins:

example.org {
    whoami
}
org {
    whoami
}

Note that the most specific zone wins when a query comes in, so any example.org queries go through the server defined for example.org above. Queries for .org go to the other server.

Reverse Zones

Normally when you want to serve a reverse zone you’ll have to say something like:

0.0.10.in-addr.arpa {
    whoami
}

To make this easier CoreDNS just allows you to say:

10.0.0.0/24 {
    whoami
}

This also works for CIDR zones (in the 1.0.0 release):

10.0.0.0/27 {
    whoami
}

Non Default Protocols

Listening on TLS and for gRPC? Use:

tls://example.org grpc://example.org {
    # ...
}

Specifying ports works in the same way, here when listening for gRPC packets.

grpc://example.org:1443 {
    # ...
}
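
The rules from the Servers, Reverse Zones and Non Default Protocols sections can be checked offline before a Corefile is deployed, for example to confirm which block will answer a given name. The following is an added example, not CoreDNS code: the function names are hypothetical, the input is only the list of server-block keys, and it assumes IPv4 CIDRs on an octet boundary and no bracketed IPv6 hosts.

```python
import ipaddress

# Default port per transport. 53 is from the page; 853 (tls) and 443 (grpc)
# are CoreDNS defaults that the page itself does not state.
DEFAULT_PORT = {"dns": 53, "tls": 853, "grpc": 443}

def normalize(key):
    """Split a server-block key like 'grpc://example.org:1443' into (transport, zone, port)."""
    transport, _, rest = key.rpartition("://")
    transport = transport or "dns"
    host, sep, port = rest.rpartition(":")
    if not (sep and port.isdigit()):          # no explicit port given
        host, port = rest, DEFAULT_PORT[transport]
    if "/" in host:                            # reverse zone written as an IPv4 CIDR
        net = ipaddress.ip_network(host)
        if net.version != 4 or net.prefixlen % 8 or net.prefixlen == 0:
            raise ValueError(f"{host}: only octet-boundary IPv4 prefixes handled here")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        host = ".".join(reversed(octets)) + ".in-addr.arpa"
    return transport, host.lower().rstrip(".") + ".", int(port)

def build_table(blocks):
    """blocks: one list of keys per server block. Returns {(transport, port): {zone: block index}}."""
    table = {}
    for index, keys in enumerate(blocks):
        for key in keys:
            transport, zone, port = normalize(key)
            zones = table.setdefault((transport, port), {})
            if zone in zones:                  # same zone twice on one listener
                raise ValueError(f"cannot serve {transport}://{zone}:{port} - zone already defined")
            zones[zone] = index
    return table

def route(table, qname, transport="dns", port=53):
    """Return the most specific configured zone enclosing qname, or None."""
    q = "." + qname.lower().rstrip(".") + "."
    hits = [z for z in table.get((transport, port), {}) if z == "." or q.endswith("." + z)]
    return max(hits, key=len, default=None)    # all hits are suffixes of q, so longest wins

if __name__ == "__main__":
    # Constructed sample: the keys of four server blocks.
    blocks = [["example.org"], ["org"], ["10.0.0.0/24"], ["tls://example.org", "grpc://example.org:1443"]]
    table = build_table(blocks)
    for name in ("www.example.org", "coredns.org", "5.0.0.10.in-addr.arpa", "example.com"):
        print(name, "->", route(table, name))
```

A name that returns None is not covered by any block on that listener, which is worth knowing when a catch-all root block was expected.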

Also See

The Corefile is parsed like a Caddyfile. We support everything that is described on that page, for instance the use of environment variables.

Other interesting plugins that are helpful in Corefiles are: import, startup and shutdown.