惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tenable Blog
Last Week in AI
Last Week in AI
P
Proofpoint News Feed
Engineering at Meta
Engineering at Meta
H
Help Net Security
F
Fortinet All Blogs
MyScale Blog
MyScale Blog
宝玉的分享
宝玉的分享
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 司徒正美
量子位
N
Netflix TechBlog - Medium
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
Recorded Future
Recorded Future
博客园 - 三生石上(FineUI控件)
Vercel News
Vercel News
aimingoo的专栏
aimingoo的专栏
I
InfoQ
Microsoft Security Blog
Microsoft Security Blog
Scott Helme
Scott Helme
The Last Watchdog
The Last Watchdog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
AI
AI
WordPress大学
WordPress大学
Security Archives - TechRepublic
Security Archives - TechRepublic
Google Online Security Blog
Google Online Security Blog
U
Unit 42
V2EX - 技术
V2EX - 技术
MongoDB | Blog
MongoDB | Blog
Schneier on Security
Schneier on Security
博客园 - Franky
H
Heimdal Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Jina AI
Jina AI
W
WeLiveSecurity
P
Privacy & Cybersecurity Law Blog
Cloudbric
Cloudbric
B
Blog RSS Feed
N
News | PayPal Newsroom
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
I
Intezer
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
罗磊的独立博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
雷峰网
雷峰网

Routing on CoreDNS: DNS and Service Discovery

暂无文章

Query Routing
miek · 2016-10-13 · via Routing on CoreDNS: DNS and Service Discovery

Quiz time, in the following Corefile:

. {
  proxy . 8.8.8.8:53
  file db.example.com
}

Will a query for www.google.com be handled by the proxy or the file plugin? Answer below.

What does this Corefile actually say? It specifies that queries for root (.) and everything below it (so for all domain names) we should enter this stanza.

Next all queries should be forwarded to 8.8.8.8:53.

Then because the file plugin does not specify what zones should be answered from the db.example.com file, the toplevel one applies, which is root (.)

So we are left with a situation where both plugins will be called for the same names (which can be perfectly valid for plugin that calls other chained-in plugin).

But proxy will not call file because the query will be answered and done with after the plugin exists - the same is true for the opposite direction.

To look what into what happens here we have to look the plugins ordering:

...
dnssec:dnssec
file:file
etcd:etcd
proxy:proxy
...

And we see that file is first and proxy comes somewhat later. This means that in the example above all queries are routed to the file plugin. It will happily answer those with SERVFAIL, because it probably can’t find www.google.com in a file that will mostly have *.example.com names in it.

In order to fix this, we should either have to separate stanza or specify the origin(s) for the file plugin:

. {
  proxy . 8.8.8.8:53
  file db.example.com example.com
}

To preempt a feature request: Yes, it would be nice of CoreDNS can detect and warn about this (it does not do this now).