plugin/rewrite: add rcode as a rewrite option #6204
Thanks for contributing!
There may be other ways to solve the issue, with existing plugins such as acl or template.
Thank you for the consideration and reply!
I agree that this is a potential avenue of resolution if we want all AAAA records to be taken away, but I still want IPv6 to be functional and enabled as much as possible, so turning off all IPv6 goes against the plan to make IPv6 work wherever possible. The SERVER-FAIL is something that the DNS appliance keeps throwing back. It seems the DNS administrators think that SERVER-FAIL reply is the right course of action, but this keeps tripping up my Kubernetes deployments because they just stall whenever I try to deploy on a system.
…faults Signed-off-by: schou <pschou@users.noreply.github.com>
b12fbb0
to
da6054b
This fixed a longstanding problem for me. A sincere thank you to all who contribute!
Conceptually, this class of feature is a better fit for the rewrite plugin. It's a plugin that rewrites/overrides aspects of request and response. E.g. It could be implemented by adding a new Also if implemented in the rewrite plugin, the response code override could be applied to a response from any plugin, not just forward plugin. So it would be more utilitarian, applicable to more situations.
Signed-off-by: schou <pschou@users.noreply.github.com>
c89f2f5
to
ebf267f
This is a very good point and I concur that a rewrite type would be a better fit for more diverse use cases. I have amended the PR to realize this suggestion.
Signed-off-by: schou <pschou@users.noreply.github.com>
@chrisohaver Do you think the documentation should use OLD/NEW or FROM/TO? I am considering switching it, but I would like to see what you think.
Best to be consistent with existing wording. I think it uses from/to.
Thanks!
Signed-off-by: schou <pschou@users.noreply.github.com>
f40f719
to
ba6b3c7
This PR also addresses a particular scenario I encountered. A big thank you to all contributors!
Fix import ordering and LGTM. Deferring final approval/merge to the rewrite plugin codeowners.
This pull request is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days
@pschou, please address the go coverage errors. Otherwise, LGTM.
LGTM. Please address presubmit check.
@pschou, there are some other tests failing too:
Signed-off-by: schou <pschou@users.noreply.github.com>
80e8699
to
cf9f7be
@greenpau, this build process is fragile. The pull approval was delayed all because of a single new line character, "\n": the test to verify that the imports are in the right format fails. OK, I understand that consistency is important. So, I add a single new line character to space the imports apart, and now other checks that previously passed are failing due to a curl command and because of an external API change at go.dev. This issue is not related to this pull request, out of scope. When pulling down this endpoint, one will find two lines are returned:
The error in the kubernetes check looks like this:
Maybe a proposed fix would look like this:
Note that every other check passed before this external API response change: Now it is failing due to the external API change:
Please rebase (the go version check was fixed a few weeks ago)
Ok, done 👍
Codecov Report
@@ Coverage Diff @@
## master #6204 +/- ##
==========================================
+ Coverage 55.70% 58.36% +2.66%
==========================================
Files 224 252 +28
Lines 10016 16509 +6493
==========================================
+ Hits 5579 9636 +4057
- Misses 3978 6282 +2304
- Partials 459 591 +132
... and 170 files with indirect coverage changes
LGTM
1. Why is this pull request needed, and what does it do?
Adds the ability to mask server failure replies from a proxied DNS server. This change makes CoreDNS "just work" in broken/firewalled environments.
For example, an IPv6-incompatible DNS appliance: this enables a stand-in proxy fix where IPv6 is not fully supported yet. This option allows you to "ignore errors" and reply with an empty record. When docker or Kubernetes sits behind a firewall appliance that blocks AAAA records from being resolved, the docker API sits and waits seconds to do multiple tries in hopes of getting a SUCCESS reply. This flag makes this issue go away, and thus, the infrastructure runs faster.
In gist, it takes any SERVER-FAIL replies and switches them to SUCCESS to give the application a "no records found" reply.
2. Which issues (if any) are related?
None (that I know of)
3. Which documentation changes (if any) need to be made?
The plugin README has been updated.
4. Does this introduce a backward incompatible change or deprecation?
No
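The response-code rewrite described above, shown at the DNS wire level as an added example (not code from this PR or from CoreDNS). The function names, the constructed `example.test.` message and the restriction to AAAA questions are assumptions of the example; narrowing the match this way leaves SERVFAIL visible for every other query type.

```go
package main

import "fmt"

const (
	rcodeNoError  = 0  // "SUCCESS" in the description above
	rcodeServFail = 2  // "SERVER-FAIL" in the description above
	typeAAAA      = 28 // QTYPE of IPv6 address records
)

// questionType returns the QTYPE of the first question in a wire-format message.
func questionType(msg []byte) (uint16, bool) {
	if len(msg) < 12 || msg[4]|msg[5] == 0 {
		return 0, false // short header or QDCOUNT of zero
	}
	i := 12
	for i < len(msg) && msg[i] != 0 && msg[i] < 64 { // walk uncompressed QNAME labels
		i += int(msg[i]) + 1
	}
	if i+5 > len(msg) || msg[i] != 0 {
		return 0, false // truncated question or compressed name
	}
	return uint16(msg[i+1])<<8 | uint16(msg[i+2]), true
}

// rewriteRcode copies resp and swaps RCODE from -> to, only for a response (QR=1) to a qtype question.
func rewriteRcode(resp []byte, qtype uint16, from, to byte) ([]byte, bool) {
	qt, ok := questionType(resp)
	if !ok || qt != qtype || resp[2]&0x80 == 0 || resp[3]&0x0F != from {
		return resp, false
	}
	out := append([]byte(nil), resp...)
	out[3] = out[3]&0xF0 | to&0x0F // keep RA and Z bits, replace the low four RCODE bits
	return out, true
}

// sampleResponse builds a constructed reply for "example.test." (not captured traffic).
func sampleResponse(qtype uint16, rcode byte) []byte {
	msg := []byte{0x12, 0x34, 0x81, 0x80 | rcode, 0, 1, 0, 0, 0, 0, 0, 0}
	msg = append(msg, 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 4, 't', 'e', 's', 't', 0)
	return append(msg, byte(qtype>>8), byte(qtype), 0, 1) // QTYPE, then QCLASS IN
}

func main() {
	out, ok := rewriteRcode(sampleResponse(typeAAAA, rcodeServFail), typeAAAA, rcodeServFail, rcodeNoError)
	fmt.Println(ok, out[3]&0x0F)
}
```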