Resolves https://github.com/coredns/coredns.io/issues/313

content/blog/coredns-1.11.2.md

@@ -0,0 +1,53 @@
++++
+title = "CoreDNS-1.11.2 Release"
+description = "CoreDNS-1.11.2 Release Notes."
+tags = ["Release", "1.11.2", "Notes"]
+release = "1.11.2"
+date = "2024-01-26T00:00:00+00:00"
+author = "coredns"
++++
+
+This release contains some new features, bug fixes, and package updates.
+New features include:
+* When the _forward_ plugin receives a malformed upstream response that overflows,
+  it will now send an empty response to the client with the truncated (TC) bit set to prompt the client
+  to retry over TCP.
+* The _rewrite_ plugin can now rewrite response codes.
+* The _dnstap_ plugin now supports adding metadata to the dnstap `extra` field.
+
+## Brought to You By
+
+Amila Senadheera,
+Ben Kochie,
+Benjamin,
+Chris O'Haver,
+Grant Spence,
+John Belamaric,
+Keita Kitamura,
+Marius Kimmina,
+Michael Grosser,
+Ondřej Benkovský,
+P. Radha Krishna,
+Rahil Bhimjiani,
+Sri Harsha,
+Tom Thorogood,
+Willow (GHOST),
+Yong Tang,
+Yuheng,
+Zhizhen He,
+guangwu,
+journey-c,
+pschou
+
+## Noteworthy Changes
+
+* plugin/tls: respect the path specified by root plugin (https://github.com/coredns/coredns/pull/6138)
+* plugin/auto: warn when auto is unable to read elements of the directory tree (https://github.com/coredns/coredns/pull/6333)
+* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (https://github.com/coredns/coredns/pull/6351)
+* plugin/cache: key cache on Checking Disabled (CD) bit (https://github.com/coredns/coredns/pull/6354)
+* plugin/forward: Use the correct root domain name in the forward plugin's health checks (https://github.com/coredns/coredns/pull/6395)
+* plugin/forward: Handle UDP responses that overflow with TC bit (https://github.com/coredns/coredns/pull/6277)
+* plugin/rewrite: fix multi request concurrency issue in cname rewrite (https://github.com/coredns/coredns/pull/6407)
+* plugin/rewrite: add rcode as a rewrite option (https://github.com/coredns/coredns/pull/6204)
+* plugin/dnstap: add support for "extra" field in payload (https://github.com/coredns/coredns/pull/6226)
+* plugin/cache: fix keepttl parsing (https://github.com/coredns/coredns/pull/6250)

content/blog/coredns-1.11.3.md

@@ -0,0 +1,59 @@
++++
+title = "CoreDNS-1.11.3 Release"
+description = "CoreDNS-1.11.3 Release Notes."
+tags = ["Release", "1.11.3", "Notes"]
+release = "1.11.3"
+date = "2024-04-24T16:57:00-04:00
+author = "coredns"
++++
+
+This release contains some new features, bug fixes, and package updates. Because of the deployment issues with the previous release, all changed features from 1.11.2 have been included in this release.
+New features include:
+* When the _forward_ plugin receives a malformed upstream response that overflows,
+  it will now send an empty response to the client with the truncated (TC) bit set to prompt the client
+  to retry over TCP.
+* The _rewrite_ plugin can now rewrite response codes.
+* The _dnstap_ plugin now supports adding metadata to the dnstap `extra` field.
+
+## Brought to You By
+
+Amila Senadheera,
+Ben Kochie,
+Benjamin,
+Chris O'Haver,
+Grant Spence,
+John Belamaric,
+Keita Kitamura,
+Marius Kimmina,
+Michael Grosser,
+Ondřej Benkovský,
+P. Radha Krishna,
+Rahil Bhimjiani,
+Sri Harsha,
+Tom Thorogood,
+Willow (GHOST),
+Yong Tang,
+Yuheng,
+Zhizhen He,
+guangwu,
+journey-c,
+pschou
+Ted Ford
+
+## Noteworthy Changes
+
+* plugin/tls: respect the path specified by root plugin (https://github.com/coredns/coredns/pull/6138)
+* plugin/auto: warn when auto is unable to read elements of the directory tree (https://github.com/coredns/coredns/pull/6333)
+* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (https://github.com/coredns/coredns/pull/6351)
+* plugin/cache: key cache on Checking Disabled (CD) bit (https://github.com/coredns/coredns/pull/6354)
+* plugin/forward: Use the correct root domain name in the forward plugin's health checks (https://github.com/coredns/coredns/pull/6395)
+* plugin/forward: Handle UDP responses that overflow with TC bit (https://github.com/coredns/coredns/pull/6277)
+* plugin/rewrite: fix multi request concurrency issue in cname rewrite (https://github.com/coredns/coredns/pull/6407)
+* plugin/rewrite: add rcode as a rewrite option (https://github.com/coredns/coredns/pull/6204)
+* plugin/dnstap: add support for "extra" field in payload (https://github.com/coredns/coredns/pull/6226)
+* plugin/cache: fix keepttl parsing (https://github.com/coredns/coredns/pull/6250)
+* Return RcodeServerFailure when DNS64 has no next plugin (https://github.com/coredns/coredns/pull/6590)
+* Change the log flags to be a variable that can be set (https://github.com/coredns/coredns/pull/6546)
+* Bump go version to 1.21 (https://github.com/coredns/coredns/pull/6533)
+* replace the mutex locks in logging with atomic bool for the "on" flag (https://github.com/coredns/coredns/pull/6525)
+* Enable Prometheus native histograms (https://github.com/coredns/coredns/pull/6524)

content/plugins/autopath.md

@@ -4,7 +4,7 @@ description = "*autopath* allows for server-side search path completion."
 weight = 4
 tags = ["plugin", "autopath"]
 categories = ["plugin"]
-date = "2020-10-16T12:42:25.87725810"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -60,7 +60,7 @@ path) in the following case. To properly build the search path of a client *auto
 the namespace of the a Pod making a DNS request. To do this, it relies on the *kubernetes* plugin's
 Pod cache to resolve the client's IP address to a Pod. The Pod cache is maintained by an API watch
 on Pods. When Pod IP assignments change, the Kubernetes API notifies CoreDNS via the API watch.
-However, that notification is not instantaneous. In the case that a Pod is deleted, and it's IP is
+However, that notification is not instantaneous. In the case that a Pod is deleted, and its IP is
 immediately provisioned to a Pod in another namespace, and that new Pod make a DNS lookup *before*
 the API watch can notify CoreDNS of the change, *autopath* will resolve the IP to the previous Pod's
 namespace.

content/plugins/bind.md

@@ -4,7 +4,7 @@ description = "*bind* overrides the host to which the server should bind."
 weight = 6
 tags = ["plugin", "bind"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -16,7 +16,7 @@ If several addresses are provided, a listener will be open on each of the IP pro
 
 Each address has to be an IP or name of one of the interfaces of the host. Bind by interface name, binds to the IPs on that interface at the time of startup or reload (reload will happen with a SIGHUP or if the config file changes).
 
-If the given argument is an interface name, and that interface has several IP addresses, CoreDNS will listen on all of the interface IP addresses (including IPv4 and IPv6), except for IPv6 link-local addresses on that interface.
+If the given argument is an interface name, and that interface has several IP addresses, CoreDNS will listen on all of the interface IP addresses (including IPv4 and IPv6).
 
 ## Syntax
 

content/plugins/dnstap.md

@@ -4,7 +4,7 @@ description = "*dnstap* enables logging to dnstap."
 weight = 15
 tags = ["plugin", "dnstap"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -18,7 +18,7 @@ Every message is sent to the socket as soon as it comes in, the *dnstap* plugin
 ## Syntax
 
 ~~~ txt
-dnstap SOCKET [full] {
+dnstap SOCKET [full] [writebuffer] [queue] {
   [identity IDENTITY]
   [version VERSION]
   [extra EXTRA]
@@ -41,6 +41,12 @@ Log information about client requests and responses to */tmp/dnstap.sock*.
 dnstap /tmp/dnstap.sock
 ~~~
 
+Log information about client requests and responses and tcp write buffer is 1024*Mb and queue is 2048*10000. 
+
+~~~ txt
+dnstap /tmp/dnstap.sock full 1024 2048
+~~~
+
 Log information including the wire-format DNS message about client requests and responses to */tmp/dnstap.sock*.
 
 ~~~ txt
@@ -98,7 +104,7 @@ dnstap tcp://example.com:6000
 ## Command Line Tool
 
 Dnstap has a command line tool that can be used to inspect the logging. The tool can be found
-at Github: <https://github.com/dnstap/golang-dnstap>. It's written in Go.
+at GitHub: <https://github.com/dnstap/golang-dnstap>. It's written in Go.
 
 The following command listens on the given socket and decodes messages to stdout.
 

content/plugins/forward.md

@@ -4,7 +4,7 @@ description = "*forward* facilitates proxying DNS messages to upstream resolvers
 weight = 20
 tags = ["plugin", "forward"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -53,6 +53,7 @@ forward FROM TO... {
     policy random|round_robin|sequential
     health_check DURATION [no_rec] [domain FQDN]
     max_concurrent MAX
+    next RCODE_1 [RCODE_2] [RCODE_3...]
 }
 ~~~
 
@@ -98,6 +99,7 @@ forward FROM TO... {
   response does not count as a health failure. When choosing a value for **MAX**, pick a number
   at least greater than the expected *upstream query rate* * *latency* of the upstream servers.
   As an upper bound for **MAX**, consider that each concurrent query will use about 2kb of memory.
+* `next` If the `RCODE` (i.e. `NXDOMAIN`) is returned by the remote then execute the next plugin. If no next plugin is defined, or the next plugin is not a `forward` plugin, this setting is ignored
 
 Also note the TLS config is "global" for the whole forwarding proxy if you need a different
 `tls_servername` for different upstreams you're out of luck.
@@ -271,6 +273,21 @@ Or when you have multiple DoT upstreams with different `tls_servername`s, you ca
 }
 ~~~
 
+The following would try 1.2.3.4 first. If the response is `NXDOMAIN`, try 5.6.7.8. If the response from 5.6.7.8 is `NXDOMAIN`, try 9.0.1.2.
+
+~~~ corefile
+. {
+  forward . 1.2.3.4 {
+    next NXDOMAIN
+  }
+  forward . 5.6.7.8 {
+    next NXDOMAIN
+  }
+  forward . 9.0.1.2 {
+  }
+}
+~~~
+
 ## See Also
 
 [RFC 7858](https://tools.ietf.org/html/rfc7858) for DNS over TLS.

content/plugins/kubernetes.md

@@ -4,7 +4,7 @@ description = "*kubernetes* enables reading zone data from a Kubernetes cluster.
 weight = 28
 tags = ["plugin", "kubernetes"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -210,9 +210,11 @@ plugin is also enabled:
  * `kubernetes/service`: the service name in the query
  * `kubernetes/client-namespace`: the client pod's namespace (see requirements below)
  * `kubernetes/client-pod-name`: the client pod's name (see requirements below)
+ * `kubernetes/client-label/<label key>`: a label on the client pod (see requirements below)
 
-The `kubernetes/client-namespace` and `kubernetes/client-pod-name` metadata work by reconciling the
-client IP address in the DNS request packet to a known pod IP address. Therefore the following is required:
+The `kubernetes/client-namespace`, `kubernetes/client-pod-name`, and `kubernetes/client-label/<label key>`
+metadata work by reconciling the client IP address in the DNS request packet to a known pod IP address.
+Therefore the following is required:
  * `pods verified` mode must be enabled
  * the remote IP address in the DNS packet received by CoreDNS must be the IP address
    of the Pod that sent the request.

content/plugins/rewrite.md

@@ -4,7 +4,7 @@ description = "*rewrite* performs internal message rewriting."
 weight = 40
 tags = ["plugin", "rewrite"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-10-10T08:30:45.87745810"
 +++
 
 ## Description
@@ -29,6 +29,7 @@ e.g., to rewrite ANY queries to HINFO, use `rewrite type ANY HINFO`.
    * `edns0` - an EDNS0 option can be appended to the request as described below in the **EDNS0 Options** section.
    * `ttl` - the TTL value in the _response_ is rewritten.
    * `cname` - the CNAME target if the response has a CNAME record
+   * `rcode` - the response code (RCODE) value in the _response_ is rewritten.
 
 * **TYPE** this optional element can be specified for a `name` or `ttl` field.
   If not given type `exact` will be assumed. If options should be specified the
@@ -53,6 +54,7 @@ will behave as follows:
 
    * `continue` will continue applying the next rule in the rule list.
    * `stop` will consider the current rule the last rule and will not continue.  The default behaviour is `stop`
+   * When multiple rules are matched, the request rewrite follows the line order in the configuration, while the response rewrite(`answer` option) is executed in reverse order.
 
 ## Examples
 
@@ -338,6 +340,61 @@ rewrite ttl example.com. 30-
 rewrite ttl example.com. 30 # equivalent to rewrite ttl example.com. 30-30
 ```
 
+### RCODE Field Rewrites
+
+At times, the need to rewrite a RCODE value could arise. For example, a DNS server
+may respond with a SERVFAIL instead of NOERROR records when AAAA records are requested.
+
+In the below example, the rcode value the answer for `coredns.rocks` the replies with SERVFAIL
+is being switched to NOERROR.
+
+This example rewrites all the *.coredns.rocks domain SERVFAIL errors to NOERROR
+```
+    rewrite continue {
+        rcode regex (.*)\.coredns\.rocks SERVFAIL NOERROR
+    }
+```
+
+The same result numeric values:
+```
+    rewrite continue {
+        rcode regex (.*)\.coredns\.rocks 2 0
+    }
+```
+
+The syntax for the RCODE rewrite rule is as follows. The meaning of
+`exact|prefix|suffix|substring|regex` is the same as with the name rewrite rules.
+An omitted type is defaulted to `exact`.
+
+```
+rewrite [continue|stop] rcode [exact|prefix|suffix|substring|regex] STRING FROM TO
+```
+
+The values of FROM and TO can be any of the following, text value or numeric:
+
+```
+  0 NOERROR
+  1 FORMERR
+  2 SERVFAIL
+  3 NXDOMAIN
+  4 NOTIMP
+  5 REFUSED
+  6 YXDOMAIN
+  7 YXRRSET
+  8 NXRRSET
+  9 NOTAUTH
+  10 NOTZONE
+  16 BADSIG
+  17 BADKEY
+  18 BADTIME
+  19 BADMODE
+  20 BADNAME
+  21 BADALG
+  22 BADTRUNC
+  23 BADCOOKIE
+```
+
+
 ## EDNS0 Options
 
 Using the FIELD edns0, you can set, append, or replace specific EDNS0 options in the request.
@@ -409,8 +466,30 @@ rewrite edns0 subnet set 24 56
 * If the query's source IP address is an IPv4 address, the first 24 bits in the IP will be the network subnet.
 * If the query's source IP address is an IPv6 address, the first 56 bits in the IP will be the network subnet.
 
+### EDNS0 Revert
+
+Using the `revert` flag, you can revert the changes made by this rewrite call, so the response will not contain this option.
+
+This example sets option, but response will not contain it
+~~~ corefile
+. {
+    rewrite edns0 local set 0xffee abcd revert
+}
+~~~
+
+If only some calls contain the `revert` flag, then the value in the response will be changed to the previous one. So, in this example, the response will contain `abcd` data at `0xffee` 
+~~~ corefile
+. {
+    rewrite continue {
+        edns0 local set 0xffee abcd
+    }
+
+    rewrite edns0 local replace 0xffee bcde revert
+}
+~~~
+
 
-### CNAME Field Rewrites
+## CNAME Field Rewrites
 
 There might be a scenario where you want the `CNAME` target of the response to be rewritten. You can do this by using the `CNAME` field rewrite. This will generate new answer records according to the new `CNAME` target.