CoreDNS is a fork of Caddy (0.8) that is a DNS server that chains middleware. Currently I’m working on a) making CoreDNS have a good set of middleware: etcd backend, k8s backend, file backend, on-the-fly DNSSEC signing, monitoring to name a few.
Furthermore: I’m porting CoreDNS to be a plugin for Caddy 0.9; this is a work in progress and probably needs changes in Caddy as well.
Holy cow, I was gonna ask about something like this. It looks pretty cool. A few questions:
I am currently loading a bunch of zone files into a directory for bind. Can it operate in this kind of mode, or do I need to convert my zones to a specific format? Can it do wildcard “host every zone in this directory” mode?
Can it limit the ips for which it will do recursive lookups?
Do you have an example of using it for local network machine name lookups?
Is the middleware format pretty well nailed down at this point? I can think of some cool ideas just off the top of my head:
As an aside, one of the main things @mholt talks about with the 0.9.0 release is how alternate server types can be implemented as a plugin.
Would it ever make sense to run dns and http in the same caddy instance? Would that make the caddyfile kinda odd? How would you specify if a server block is http or dns? Would the syntax be the same for all? Kinda confused on how you would envision that working, or if this forking model is really best. Any thoughts?
It is interesting, because just looking through the coredns middlewares, there are some interesting overlaps. Health checks and metrics among others, launch http servers for various utilities. It may make sense to somehow combine the functionality in a single caddyfile.
Some directives can cross server type boundaries; for example: startup, shutdown, and tls. But for code that is HTTP-middleware-specific, that’s harder to just share with a DNS middleware, I’d imagine. Maybe Miek has some ideas on that, but I don’t think combining server types into a single Caddyfile is a good idea.
One example would be something like https://pi-hole.net/. It is a dns proxy server that has a blacklist of ad domains. For those domains it resolves to its own built in web server and serves a dummy page/image to satisfy the url. I could launch an http server and a dns server separately, but it seems like the easy path is for the dns directive to launch its own http server, which does kinda feel dirty.
See <miek.nl/tags/coredns> for more docs on this as well. And the specific middleware READMEs in the source.
Yes, this mode is supported by the file middleware. You can’t use a “host every one in this directory” mode; that would be a nice feature though. What would the Corefile (my Caddyfile) look like? github.com/miekg/coredns/issues/177 filed.
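As an added example (not from the thread or from CoreDNS itself), here is a small POSIX shell helper that produces the per-zone Corefile blocks by hand, one `file` directive per zone file in a directory, as a stand-in for the directory mode discussed above. It assumes a constructed naming convention, `<zone>.zone` (e.g. `example.org.zone`), so the file name supplies the origin; the port argument is optional.

```shell
#!/bin/sh
# Emit one Corefile server block per zone file found in a directory,
# using the file middleware's "file DBFILE [ZONES...]" form.
# Assumption (constructed convention, not a CoreDNS rule): each zone file
# is named <zone>.zone, e.g. example.org.zone, so the name gives the origin.
gen_corefile() {
  dir=$1
  port=${2:-53}
  found=0
  for f in "$dir"/*.zone; do
    [ -e "$f" ] || continue
    zone=$(basename "$f" .zone)
    # The file middleware needs an SOA at the apex; skip files without one
    # instead of emitting a server block that will fail to load.
    if ! grep -q '[[:space:]]SOA[[:space:]]' "$f"; then
      echo "skipping $f: no SOA record" >&2
      continue
    fi
    found=$((found + 1))
    # Server block key is zone:port, body is the file directive.
    printf '%s:%s {\n    file %s %s\n}\n' "$zone" "$port" "$f" "$zone"
  done
  # Fail if the directory produced nothing usable.
  [ "$found" -gt 0 ]
}

# Usage: gen_corefile /etc/coredns/zones 1053 > Corefile
```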