Version 1.12.0 (#316)

* sync documentation

Signed-off-by: Viktor Rodionov <[email protected]>

* fix release notes

Signed-off-by: Viktor Rodionov <[email protected]>

---------

Signed-off-by: Viktor Rodionov <[email protected]>

Author: Shmillerov

content/blog/coredns-1.11.2.md

@@ -0,0 +1,53 @@
++++
+title = "CoreDNS-1.11.2 Release"
+description = "CoreDNS-1.11.2 Release Notes."
+tags = ["Release", "1.11.2", "Notes"]
+release = "1.11.2"
+date = "2024-01-26T00:00:00+00:00"
+author = "coredns"
++++
+
+This release contains some new features, bug fixes, and package updates.
+New features include:
+* When the _forward_ plugin receives a malformed upstream response that overflows,
+  it will now send an empty response to the client with the truncated (TC) bit set to prompt the client
+  to retry over TCP.
+* The _rewrite_ plugin can now rewrite response codes.
+* The _dnstap_ plugin now supports adding metadata to the dnstap `extra` field.
+
+## Brought to You By
+
+Amila Senadheera,
+Ben Kochie,
+Benjamin,
+Chris O'Haver,
+Grant Spence,
+John Belamaric,
+Keita Kitamura,
+Marius Kimmina,
+Michael Grosser,
+Ondřej Benkovský,
+P. Radha Krishna,
+Rahil Bhimjiani,
+Sri Harsha,
+Tom Thorogood,
+Willow (GHOST),
+Yong Tang,
+Yuheng,
+Zhizhen He,
+guangwu,
+journey-c,
+pschou
+
+## Noteworthy Changes
+
+* plugin/tls: respect the path specified by root plugin (https://github.com/coredns/coredns/pull/6138)
+* plugin/auto: warn when auto is unable to read elements of the directory tree (https://github.com/coredns/coredns/pull/6333)
+* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (https://github.com/coredns/coredns/pull/6351)
+* plugin/cache: key cache on Checking Disabled (CD) bit (https://github.com/coredns/coredns/pull/6354)
+* plugin/forward: Use the correct root domain name in the forward plugin's health checks (https://github.com/coredns/coredns/pull/6395)
+* plugin/forward: Handle UDP responses that overflow with TC bit (https://github.com/coredns/coredns/pull/6277)
+* plugin/rewrite: fix multi request concurrency issue in cname rewrite (https://github.com/coredns/coredns/pull/6407)
+* plugin/rewrite: add rcode as a rewrite option (https://github.com/coredns/coredns/pull/6204)
+* plugin/dnstap: add support for "extra" field in payload (https://github.com/coredns/coredns/pull/6226)
+* plugin/cache: fix keepttl parsing (https://github.com/coredns/coredns/pull/6250)

content/blog/coredns-1.11.3.md

@@ -0,0 +1,59 @@
++++
+title = "CoreDNS-1.11.3 Release"
+description = "CoreDNS-1.11.3 Release Notes."
+tags = ["Release", "1.11.3", "Notes"]
+release = "1.11.3"
+date = "2024-04-24T16:57:00-04:00"
+author = "coredns"
++++
+
+This release contains some new features, bug fixes, and package updates. Because of the deployment issues with the previous release, all changed features from 1.11.2 have been included in this release.
+New features include:
+* When the _forward_ plugin receives a malformed upstream response that overflows,
+  it will now send an empty response to the client with the truncated (TC) bit set to prompt the client
+  to retry over TCP.
+* The _rewrite_ plugin can now rewrite response codes.
+* The _dnstap_ plugin now supports adding metadata to the dnstap `extra` field.
+
+## Brought to You By
+
+Amila Senadheera,
+Ben Kochie,
+Benjamin,
+Chris O'Haver,
+Grant Spence,
+John Belamaric,
+Keita Kitamura,
+Marius Kimmina,
+Michael Grosser,
+Ondřej Benkovský,
+P. Radha Krishna,
+Rahil Bhimjiani,
+Sri Harsha,
+Tom Thorogood,
+Willow (GHOST),
+Yong Tang,
+Yuheng,
+Zhizhen He,
+guangwu,
+journey-c,
+pschou
+Ted Ford
+
+## Noteworthy Changes
+
+* plugin/tls: respect the path specified by root plugin (https://github.com/coredns/coredns/pull/6138)
+* plugin/auto: warn when auto is unable to read elements of the directory tree (https://github.com/coredns/coredns/pull/6333)
+* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (https://github.com/coredns/coredns/pull/6351)
+* plugin/cache: key cache on Checking Disabled (CD) bit (https://github.com/coredns/coredns/pull/6354)
+* plugin/forward: Use the correct root domain name in the forward plugin's health checks (https://github.com/coredns/coredns/pull/6395)
+* plugin/forward: Handle UDP responses that overflow with TC bit (https://github.com/coredns/coredns/pull/6277)
+* plugin/rewrite: fix multi request concurrency issue in cname rewrite (https://github.com/coredns/coredns/pull/6407)
+* plugin/rewrite: add rcode as a rewrite option (https://github.com/coredns/coredns/pull/6204)
+* plugin/dnstap: add support for "extra" field in payload (https://github.com/coredns/coredns/pull/6226)
+* plugin/cache: fix keepttl parsing (https://github.com/coredns/coredns/pull/6250)
+* Return RcodeServerFailure when DNS64 has no next plugin (https://github.com/coredns/coredns/pull/6590)
+* Change the log flags to be a variable that can be set (https://github.com/coredns/coredns/pull/6546)
+* Bump go version to 1.21 (https://github.com/coredns/coredns/pull/6533)
+* replace the mutex locks in logging with atomic bool for the "on" flag (https://github.com/coredns/coredns/pull/6525)
+* Enable Prometheus native histograms (https://github.com/coredns/coredns/pull/6524)

content/blog/coredns-1.11.4.md

@@ -0,0 +1,66 @@
++++
+title = "CoreDNS-1.11.4 Release"
+description = "CoreDNS-1.11.4 Release Notes."
+tags = ["Release", "1.11.4", "Notes"]
+release = "1.11.4"
+date = "2024-11-13T00:00:00+00:00"
+author = "coredns"
++++
+
+This release adds some new features and fixes some bugs.  New features of note:
+  * forward plugin: new option `next`, to try alternate upstreams when receiving specified response codes upstreams on (functions like the external plugin _alternate_) 
+  * dnssec plugin: new option to load keys from AWS Secrets Manager
+  * rewrite plugin: new option to revert EDNS0 option rewrites in responses
+
+## Brought to You By
+
+AdamKorcz,
+Anifalak,
+Ben Kochie,
+Chris O'Haver,
+Frederic Hemery,
+Grant Spence,
+Harshita Sao,
+Jason Joo,
+Jasper Bernhardt,
+Johnny Bergström,
+Keith Coleman,
+Kevin Lyda,
+Lan,
+Lin-1997,
+Manuel Rüger,
+Nathan Currier,
+Nicolai Søborg,
+Nikita Usatov,
+Paco Xu,
+Reinhard Nägele,
+Robbie Ostrow,
+TAKAHASHI Shuuji,
+Till Riedel,
+Tobias Klauser,
+YASH JAIN,
+cedar-gao,
+chenylh,
+wmkuipers,
+xinbenlv,
+zhangguanzhang
+
+## Noteworthy Changes
+
+* core: set cache-control max-age as integer, not float (https://github.com/coredns/coredns/pull/6764)
+* plugin/metadata: evaluate metadata in plugin order (https://github.com/coredns/coredns/pull/6729)
+* plugin/dnssec: dnssec load keys from AWS Secrets Manager (https://github.com/coredns/coredns/pull/6618)
+* plugin/rewrite: Add "revert" parameter for EDNS0 options (https://github.com/coredns/coredns/pull/6893)
+* container: Restored backwards compatibility of Current Workdir (https://github.com/coredns/coredns/pull/6731)
+* plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (https://github.com/coredns/coredns/pull/6705)
+* plugin/dnstap: log queue and buffer memory size configuration (https://github.com/coredns/coredns/pull/6591)
+* plugin/bind: add zone for link-local IPv6 instead of skipping (https://github.com/coredns/coredns/pull/6547)
+* plugin/kubernetes: only create PTR records for endpoints with hostname defined (https://github.com/coredns/coredns/pull/6898)
+* plugin/rewrite: execute the reversion in reversed order (https://github.com/coredns/coredns/pull/6872)
+* plugin/etcd: fix etcd connection leakage during reload (https://github.com/coredns/coredns/pull/6646)
+* plugin/kubernetes: Add useragent (https://github.com/coredns/coredns/pull/6484)
+* plugin/hosts: add hostsfile as label for coredns_hosts_entries (https://github.com/coredns/coredns/pull/6801)
+* plugin/file: Fix zone parser error handling (https://github.com/coredns/coredns/pull/6680)
+* plugin/forward: Add alternate option to forward plugin (https://github.com/coredns/coredns/pull/6681)
+* plugin/file: return error when parsing the file fails (https://github.com/coredns/coredns/pull/6699)
+* build: Generate zplugin.go correctly with third-party plugins (https://github.com/coredns/coredns/pull/6692)

content/blog/coredns-1.12.0.md

@@ -0,0 +1,25 @@
++++
+title = "CoreDNS-1.12.0 Release"
+description = "CoreDNS-1.12.0 Release Notes."
+tags = ["Release", "1.12.0", "Notes"]
+release = "1.12.0"
+date = "2024-11-21T00:00:00+00:00"
+author = "coredns"
++++
+
+This release adds some new features.  Of note:
+* New multisocket plugin - allows CoreDNS to listen on multiple sockets
+* New automaxprocs plugin - automatically sets GOMAXPROCS to the number of CPUs
+
+## Brought to You By
+
+Ben Kochie,
+Chris O'Haver,
+Emmanuel Ferdman,
+Viktor
+
+
+## Noteworthy Changes
+
+* plugin/multisocket (https://github.com/coredns/coredns/pull/6882)
+* plugin/automaxprocs (https://github.com/coredns/coredns/pull/6948)

content/plugins/autopath.md

@@ -4,7 +4,7 @@ description = "*autopath* allows for server-side search path completion."
 weight = 4
 tags = ["plugin", "autopath"]
 categories = ["plugin"]
-date = "2020-10-16T12:42:25.87725810"
+date = "2024-11-22T08:09:54.87754811"
 +++
 
 ## Description
@@ -60,7 +60,7 @@ path) in the following case. To properly build the search path of a client *auto
 the namespace of the a Pod making a DNS request. To do this, it relies on the *kubernetes* plugin's
 Pod cache to resolve the client's IP address to a Pod. The Pod cache is maintained by an API watch
 on Pods. When Pod IP assignments change, the Kubernetes API notifies CoreDNS via the API watch.
-However, that notification is not instantaneous. In the case that a Pod is deleted, and it's IP is
+However, that notification is not instantaneous. In the case that a Pod is deleted, and its IP is
 immediately provisioned to a Pod in another namespace, and that new Pod make a DNS lookup *before*
 the API watch can notify CoreDNS of the change, *autopath* will resolve the IP to the previous Pod's
 namespace.

content/plugins/bind.md

@@ -4,7 +4,7 @@ description = "*bind* overrides the host to which the server should bind."
 weight = 6
 tags = ["plugin", "bind"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-11-22T08:09:54.87754811"
 +++
 
 ## Description
@@ -16,7 +16,7 @@ If several addresses are provided, a listener will be open on each of the IP pro
 
 Each address has to be an IP or name of one of the interfaces of the host. Bind by interface name, binds to the IPs on that interface at the time of startup or reload (reload will happen with a SIGHUP or if the config file changes).
 
-If the given argument is an interface name, and that interface has several IP addresses, CoreDNS will listen on all of the interface IP addresses (including IPv4 and IPv6), except for IPv6 link-local addresses on that interface.
+If the given argument is an interface name, and that interface has several IP addresses, CoreDNS will listen on all of the interface IP addresses (including IPv4 and IPv6).
 
 ## Syntax
 

content/plugins/dnssec.md

@@ -4,7 +4,7 @@ description = "*dnssec* enables on-the-fly DNSSEC signing of served data."
 weight = 14
 tags = ["plugin", "dnssec"]
 categories = ["plugin"]
-date = "2021-04-05T13:49:45.8774584"
+date = "2024-11-22T08:09:54.87754811"
 +++
 
 ## Description
@@ -19,7 +19,7 @@ This plugin can only be used once per Server Block.
 
 ~~~
 dnssec [ZONES... ] {
-    key file KEY...
+    key file|aws_secretsmanager KEY...
     cache_capacity CAPACITY
 }
 ~~~
@@ -52,6 +52,26 @@ used.
     * generated public key `Kexample.org+013+45330.key`
     * generated private key `Kexample.org+013+45330.private`
 
+* `key aws_secretsmanager` indicates that **KEY** secret(s) should be read from AWS Secrets Manager. Secret
+  names or ARNs may be used. After generating the keys as described in the `key file` section, you can
+  store them in AWS Secrets Manager using the following AWS CLI v2 command:
+
+  ```sh
+  aws secretsmanager create-secret --name "Kexample.org.+013+45330" \
+  --description "DNSSEC keys for example.org" \
+  --secret-string "$(jq -n --arg key "$(cat Kexample.org.+013+45330.key)" \
+  --arg private "$(cat Kexample.org.+013+45330.private)" \
+  '{key: $key, private: $private}')"
+  ```
+
+  This command reads the contents of the `.key` and `.private` files, constructs a JSON object, and stores it
+  as a new secret in AWS Secrets Manager with the specified name and description. CoreDNS will then fetch
+  the key data from AWS Secrets Manager when using the `key aws_secretsmanager` directive.
+
+  [AWS SDK for Go V2](https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-credentials) is used
+  for authentication with AWS Secrets Manager. Make sure the provided AWS credentials have the necessary
+  permissions (e.g., `secretsmanager:GetSecretValue`) to access the specified secrets in AWS Secrets Manager.
+
 * `cache_capacity` indicates the capacity of the cache. The dnssec plugin uses a cache to store
   RRSIGs. The default for **CAPACITY** is 10000.
 
@@ -78,6 +98,18 @@ example.org {
 }
 ~~~
 
+Sign responses for `example.org` with the key stored in AWS Secrets Manager under the secret name
+"Kexample.org.+013+45330".
+
+~~~
+example.org {
+    dnssec {
+        key aws_secretsmanager Kexample.org.+013+45330
+    }
+    whoami
+}
+~~~
+
 Sign responses for a kubernetes zone with the key "Kcluster.local+013+45129.key".
 
 ~~~

content/plugins/dnstap.md

@@ -4,7 +4,7 @@ description = "*dnstap* enables logging to dnstap."
 weight = 15
 tags = ["plugin", "dnstap"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-11-22T08:09:54.87754811"
 +++
 
 ## Description
@@ -18,7 +18,7 @@ Every message is sent to the socket as soon as it comes in, the *dnstap* plugin
 ## Syntax
 
 ~~~ txt
-dnstap SOCKET [full] {
+dnstap SOCKET [full] [writebuffer] [queue] {
   [identity IDENTITY]
   [version VERSION]
   [extra EXTRA]
@@ -41,6 +41,12 @@ Log information about client requests and responses to */tmp/dnstap.sock*.
 dnstap /tmp/dnstap.sock
 ~~~
 
+Log information about client requests and responses and tcp write buffer is 1024*Mb and queue is 2048*10000. 
+
+~~~ txt
+dnstap /tmp/dnstap.sock full 1024 2048
+~~~
+
 Log information including the wire-format DNS message about client requests and responses to */tmp/dnstap.sock*.
 
 ~~~ txt
@@ -98,7 +104,7 @@ dnstap tcp://example.com:6000
 ## Command Line Tool
 
 Dnstap has a command line tool that can be used to inspect the logging. The tool can be found
-at Github: <https://github.com/dnstap/golang-dnstap>. It's written in Go.
+at GitHub: <https://github.com/dnstap/golang-dnstap>. It's written in Go.
 
 The following command listens on the given socket and decodes messages to stdout.
 

content/plugins/forward.md

@@ -4,7 +4,7 @@ description = "*forward* facilitates proxying DNS messages to upstream resolvers
 weight = 20
 tags = ["plugin", "forward"]
 categories = ["plugin"]
-date = "2023-08-15T20:06:20.8772088"
+date = "2024-11-22T08:09:54.87754811"
 +++
 
 ## Description
@@ -53,6 +53,7 @@ forward FROM TO... {
     policy random|round_robin|sequential
     health_check DURATION [no_rec] [domain FQDN]
     max_concurrent MAX
+    next RCODE_1 [RCODE_2] [RCODE_3...]
 }
 ~~~
 
@@ -98,6 +99,7 @@ forward FROM TO... {
   response does not count as a health failure. When choosing a value for **MAX**, pick a number
   at least greater than the expected *upstream query rate* * *latency* of the upstream servers.
   As an upper bound for **MAX**, consider that each concurrent query will use about 2kb of memory.
+* `next` If the `RCODE` (i.e. `NXDOMAIN`) is returned by the remote then execute the next plugin. If no next plugin is defined, or the next plugin is not a `forward` plugin, this setting is ignored
 
 Also note the TLS config is "global" for the whole forwarding proxy if you need a different
 `tls_servername` for different upstreams you're out of luck.
@@ -271,6 +273,21 @@ Or when you have multiple DoT upstreams with different `tls_servername`s, you ca
 }
 ~~~
 
+The following would try 1.2.3.4 first. If the response is `NXDOMAIN`, try 5.6.7.8. If the response from 5.6.7.8 is `NXDOMAIN`, try 9.0.1.2.
+
+~~~ corefile
+. {
+  forward . 1.2.3.4 {
+    next NXDOMAIN
+  }
+  forward . 5.6.7.8 {
+    next NXDOMAIN
+  }
+  forward . 9.0.1.2 {
+  }
+}
+~~~
+
 ## See Also
 
 [RFC 7858](https://tools.ietf.org/html/rfc7858) for DNS over TLS.