惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News | PayPal Newsroom
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
H
Hacker News: Front Page
Apple Machine Learning Research
Apple Machine Learning Research
TaoSecurity Blog
TaoSecurity Blog
Help Net Security
Help Net Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
V2EX
Hugging Face - Blog
Hugging Face - Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
人人都是产品经理
人人都是产品经理
博客园 - 三生石上(FineUI控件)
Security Latest
Security Latest
Cloudbric
Cloudbric
WordPress大学
WordPress大学
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
L
LangChain Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The GitHub Blog
The GitHub Blog
P
Proofpoint News Feed
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
M
MIT News - Artificial intelligence
Google DeepMind News
Google DeepMind News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Cloudflare Blog
小众软件
小众软件
NISL@THU
NISL@THU
云风的 BLOG
云风的 BLOG
P
Privacy & Cybersecurity Law Blog
S
Security @ Cisco Blogs
博客园 - 【当耐特】
I
InfoQ
Vercel News
Vercel News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Proofpoint News Feed
O
OpenAI News
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
K
Kaspersky official blog
T
Threat Research - Cisco Blogs
量子位
宝玉的分享
宝玉的分享

alternate on CoreDNS: DNS and Service Discovery

暂无文章

alternate
2020-09-28 · via alternate on CoreDNS: DNS and Service Discovery

Description

The alternate plugin is able to selectively forward queries to another upstream server, depending the error result provided by the initial resolver. It allows an alternate set of upstreams be specified which will be used if the plugin chain returns specific error messages. The alternate plugin utilizes the forward plugin (https://coredns.io/plugins/forward) to query the specified upstreams.

The alternate plugin supports only DNS protocol and random policy w/o additional forward parameters, so following directives will fail:

. {
    forward . 8.8.8.8
    alternate NXDOMAIN . tls://192.168.1.1:853 {
        policy sequential
    }
}

As the name suggests, the purpose of the alternate is to allow a alternate when, for example, the desired upstreams became unavailable.

Syntax

{
    alternate [original] RCODE_1[,RCODE_2,RCODE_3...] . DNS_RESOLVERS
}
  • original is optional flag. If it is set then alternate uses original request instead of potentially changed by other plugins
  • RCODE is the string representation of the error response code. The complete list of valid rcode strings are defined as RcodeToString in https://github.com/miekg/dns/blob/master/msg.go, examples of which are SERVFAIL, NXDOMAIN and REFUSED. At least one rcode is required, but multiple rcodes may be specified, delimited by commas.
  • DNS_RESOLVERS accepts dns resolvers list.

Examples

Alternate to local DNS server

The following specifies that all requests are forwarded to 8.8.8.8. If the response is NXDOMAIN, alternate will forward the request to 192.168.1.1:53, and reply to client accordingly.

. {
	forward . 8.8.8.8
	alternate NXDOMAIN . 192.168.1.1:53
	log
}

Alternate with original request used

The following specify that original query will be forwarded to 192.168.1.1:53 if 8.8.8.8 response is NXDOMAIN. original means no changes from next plugins on request. With no original flag alternate will forward request with EDNS0 option (set by rewrite).

. {
	forward . 8.8.8.8
	rewrite edns0 local set 0xffee 0x61626364
	alternate original NXDOMAIN . 192.168.1.1:53
	log
}

Multiple alternates

Multiple alternates can be specified, as long as they serve unique error responses.

. {
    forward . 8.8.8.8
    alternate NXDOMAIN . 192.168.1.1:53
    alternate original SERVFAIL,REFUSED . 192.168.100.1:53
    log
}