coredns v1.11.0 版本更新介绍

发布日期: 2023-08-08
版本号: v1.11.0

本次CoreDNS版本更新主要包含以下内容：新增支持通过QUIC协议接收DNS连接（doq），并在rewrite插件中引入CNAME目标重写功能，同时修复多项错误并提升安全性。不兼容性变更包括：kubernetes插件停止支持Endpoint和Endpointslice v1beta版本（因K8s已全面采用Endpointslice）、bufsize插件默认缓冲区大小调整为1232字节，以及forward插件指标格式调整。其他重要改进涵盖对RISC-V架构的支持、DOH协议允许HTTP通信、DNSTAP插件增加TLS支持、修复云DNS响应限制问题、优化负载均衡权重更新逻辑、防止代理失败计数器溢出、以非root权限运行提升安全性等。此版本由Amila Senadheera等数十位开发者共同贡献完成。

更新内容 （中文）

发布亮点

• 新增通过 QUIC 协议接受 DNS 连接的支持（doq）。
• 为 rewrite 插件添加 CNAME 目标重写功能。
• 包含多项错误修复及安全改进。

本版本包含以下向后不兼容变更：

• 在 kubernetes 插件中，我们已停止对 Endpoint 和 Endpointslice v1beta 版本的监听支持，因所有受支持的 K8s 版本现均使用 Endpointslice。
• bufsize 插件的默认大小限制值更改为 1232。
• 对 forward 插件指标进行了部分调整。

贡献者名单

Amila Senadheera、 Antony Chazapis、 Ayato Tokubi、 Ben Kochie、 Catena cyber、 Chris O’Haver、 Dan Salmon、 Dan Wilson、 Denis MACHARD、 Diogenes Pelisson、 Eng Zer Jun、 Fish-pro、 Gabor Dozsa、 Gary McDonald、 João Henri、 Justin、 Lio李歐、 Marcos Mendez、 Marius Kimmina、 Ondřej Benkovský、 Pat Downey、 Petr Menšík、 Rotem Kfir、 Sebastian Dahlgren、 Vancl、 Vinayak Goyal、 W. Trevor King、 Yash Singh、 Yashpal、 Yong Tang、 Yuheng、 cui fliter、 jeremiejig、 junhwong、 rokkiter、 yyzxw

其他重要变更

• 新增 RISC-V 架构支持 (https://github.com/coredns/coredns/pull/6195)
• doh: 允许使用 http 作为协议 (https://github.com/coredns/coredns/pull/5762)
• doq: 新增 DNS-over-QUIC 服务器支持 (https://github.com/coredns/coredns/pull/6182)
• plugin/bufsize: 将默认值更改为 1232 (https://github.com/coredns/coredns/pull/6183)
• plugin/clouddns: 修复应答限制为单次响应的问题 (https://github.com/coredns/coredns/pull/5986)
• plugin/dnssec: 在委派场景中，对无 DS 记录的情况签署 DS 或 NSEC (https://github.com/coredns/coredns/pull/5899)
• plugin/dnstap: 添加 TLS 支持 (https://github.com/coredns/coredns/pull/5917)
• plugin/forward: 收到异常响应后继续等待 (https://github.com/coredns/coredns/pull/6014)
• plugin/forward: 修复转发指标的后向兼容性 (https://github.com/coredns/coredns/pull/6178)
• plugin/health: 默认轮询本地主机 (https://github.com/coredns/coredns/pull/5934)
• plugin/k8s_external: 添加 fallthrough 选项 (https://github.com/coredns/coredns/pull/5959)
• plugin/kubernetes: 暴露 client-go 内部请求指标 (https://github.com/coredns/coredns/pull/5991)
• plugin/kubernetes: 过滤子域中子域的 ExternalName 服务查询 (https://github.com/coredns/coredns/pull/6162)
• plugin/kubernetes: 修复禁用端点时无头服务/端点查询的 panic 问题 (https://github.com/coredns/coredns/pull/6137)
• plugin/kubernetes: 修复端口 panic 问题 (https://github.com/coredns/coredns/pull/6179)
• plugin/kubernetes: 移除 Endpoint 和 EndpointSlice v1beta 支持 (https://github.com/coredns/coredns/pull/6147)
• plugin/loadbalance: 改进权重更新机制 (https://github.com/coredns/coredns/pull/5906)
• plugin/rewrite: 在重写插件中引入 CNAME 目标重写规则 (https://github.com/coredns/coredns/pull/6004)
• plugin/transfer: 添加所有区域后发送通知 (https://github.com/coredns/coredns/pull/5774)
• 防止代理失败计数器溢出 (https://github.com/coredns/coredns/pull/5990)
• 防止使用 DoHWriter 时出现 panic (https://github.com/coredns/coredns/pull/6120)
• 以非 root 用户身份运行 CoreDNS (https://github.com/coredns/coredns/pull/5969)
• 支持 GRPC 的 Unix 套接字 (https://github.com/coredns/coredns/pull/5943)

更新内容 （原始）

Release Highlights

• Adds support for accepting DNS connections over QUIC (doq).
• Adds CNAME target rewrites to the rewrite plugin.
• Plus many bug fixes, and some security improvements.

This release introduces the following backward incompatible changes:

• In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice.
• The bufsize plugin changed its default size limit value to 1232
• Some changes to forward plugin metrics.

Brought to You By

Amila Senadheera, Antony Chazapis, Ayato Tokubi, Ben Kochie, Catena cyber, Chris O’Haver, Dan Salmon, Dan Wilson, Denis MACHARD, Diogenes Pelisson, Eng Zer Jun, Fish-pro, Gabor Dozsa, Gary McDonald, João Henri, Justin, Lio李歐, Marcos Mendez, Marius Kimmina, Ondřej Benkovský, Pat Downey, Petr Menšík, Rotem Kfir, Sebastian Dahlgren, Vancl, Vinayak Goyal, W. Trevor King, Yash Singh, Yashpal, Yong Tang, Yuheng, cui fliter, jeremiejig, junhwong, rokkiter, yyzxw

Other Noteworthy Changes

• add support for RISC-V (https://github.com/coredns/coredns/pull/6195)
• doh: allow http as the protocol (https://github.com/coredns/coredns/pull/5762)
• doq: add DNS-Over-QUIC server support (https://github.com/coredns/coredns/pull/6182)
• plugin/bufsize: change default value to 1232 (https://github.com/coredns/coredns/pull/6183)
• plugin/clouddns: fix answers limited to one response (https://github.com/coredns/coredns/pull/5986)
• plugin/dnssec: on delegation, sign DS or NSEC of no DS. (https://github.com/coredns/coredns/pull/5899)
• plugin/dnstap: add tls support (https://github.com/coredns/coredns/pull/5917)
• plugin/forward: continue waiting after receiving malformed responses (https://github.com/coredns/coredns/pull/6014)
• plugin/forward: fix forward metrics for backwards compatibility (https://github.com/coredns/coredns/pull/6178)
• plugin/health: poll localhost by default (https://github.com/coredns/coredns/pull/5934)
• plugin/k8s_external: add fallthrough option (https://github.com/coredns/coredns/pull/5959)
• plugin/kubernetes: expose client-go internal request metrics (https://github.com/coredns/coredns/pull/5991)
• plugin/kubernetes: filter ExternalName service queries for subdomains of subdomains (https://github.com/coredns/coredns/pull/6162)
• plugin/kubernetes: fix headless/endpoint query panics when endpoints are disabled (https://github.com/coredns/coredns/pull/6137)
• plugin/kubernetes: fix ports panic (https://github.com/coredns/coredns/pull/6179)
• plugin/kubernetes: remove Endpoint and EndpointSlice v1beta Support (https://github.com/coredns/coredns/pull/6147)
• plugin/loadbalance: improve weights update (https://github.com/coredns/coredns/pull/5906)
• plugin/rewrite: introduce cname target rewrite rule to rewrite plugin (https://github.com/coredns/coredns/pull/6004)
• plugin/transfer: send notifies after adding zones all zones (https://github.com/coredns/coredns/pull/5774)
• prevent fail counter of a proxy overflows (https://github.com/coredns/coredns/pull/5990)
• prevent panics when using DoHWriter (https://github.com/coredns/coredns/pull/6120)
• run coredns as non root. (https://github.com/coredns/coredns/pull/5969)
• support unix socket for GRPC (https://github.com/coredns/coredns/pull/5943)

下载链接

• coredns_1.11.0_darwin_amd64.tgz
• coredns_1.11.0_darwin_amd64.tgz.sha256
• coredns_1.11.0_darwin_arm64.tgz
• coredns_1.11.0_darwin_arm64.tgz.sha256
• coredns_1.11.0_linux_amd64.tgz
• coredns_1.11.0_linux_amd64.tgz.sha256
• coredns_1.11.0_linux_arm.tgz
• coredns_1.11.0_linux_arm.tgz.sha256
• coredns_1.11.0_linux_arm64.tgz
• coredns_1.11.0_linux_arm64.tgz.sha256
• coredns_1.11.0_linux_mips.tgz
• coredns_1.11.0_linux_mips.tgz.sha256
• coredns_1.11.0_linux_mips64le.tgz
• coredns_1.11.0_linux_mips64le.tgz.sha256
• coredns_1.11.0_linux_ppc64le.tgz
• coredns_1.11.0_linux_ppc64le.tgz.sha256
• coredns_1.11.0_linux_riscv64.tgz
• coredns_1.11.0_linux_riscv64.tgz.sha256
• coredns_1.11.0_linux_s390x.tgz
• coredns_1.11.0_linux_s390x.tgz.sha256
• coredns_1.11.0_windows_amd64.tgz
• coredns_1.11.0_windows_amd64.tgz.sha256