coredns v1.9.2 版本更新介绍

发布日期: 2022-05-10
版本号: v1.9.2

本次CoreDNS 1.9.2版本更新包含多项功能增强、安全修复及错误修正。主要亮点为引入第三方安全机构Trail of Bits的审计报告，所有发现的安全问题均已修复。安全改进包括修复缓存投毒漏洞、弃用明文密钥存储、避免使用伪随机数生成等。功能优化涉及缓存刷新模式配置、DNS查询的EDNS0子网支持、Kubernetes插件启动超时修复、AWS凭证配置扩展等。此外，修复了etcd插件TXT记录查询、健康检查协程关闭机制、响应报文状态位设置等多个模块的问题。该版本由Antoine Tollenaere、Balazs Nagy等14位贡献者共同完成，完整更新日志可通过GitHub对比查看。

更新内容 （中文）

这是一个包含多项新增功能、安全修复和错误修复的版本。最值得关注的是来自 Trail of Bits 的第三方安全审计结果发布。此次审计发现的所有安全问题均已修复或覆盖。

贡献者名单

Antoine Tollenaere, Balazs Nagy, Chris O’Haver, dilyevsky, hansedong, Lorenz Brun, Marius Kimmina, nathannaveen, Ondřej Benkovský, Patrick W. Healy, Qasim Sarfraz, xuweiwei, Yong Tang

重要变更

• core: 将 Trail of Bits 添加到第三方安全审计机构列表 (https://github.com/coredns/coredns/pull/5356)
• core: 避免使用伪随机数 (https://github.com/coredns/coredns/pull/5228)
• plugin/bufsize: 不向非 EDNS0 查询添加 OPT 资源记录 (https://github.com/coredns/coredns/pull/5368)
• plugin/cache: 为 serve_stale 添加刷新模式设置 (https://github.com/coredns/coredns/pull/5131)
• plugin/cache: 修复缓存投毒漏洞 (https://github.com/coredns/coredns/pull/5174)
• plugin/etcd: 修复多记录 TXT 查询问题 (https://github.com/coredns/coredns/pull/5293)
• plugin/forward: 支持健康检查的可配置域名 (https://github.com/coredns/coredns/pull/5281)
• plugin/geoip: 优先读取 EDNS0 子网提供的源 IP (https://github.com/coredns/coredns/pull/5183)
• plugin/health: 重构过载协程以支持优雅关闭 (https://github.com/coredns/coredns/pull/5244)
• plugin/k8s_external: 保持查询到客户端响应的 TC 位状态 (https://github.com/coredns/coredns/pull/4716)
• plugin/k8s_external: 在响应中设置权威位 (https://github.com/coredns/coredns/pull/5284)
• plugin/kubernetes: 修复 k8s 启动超时计时器 (https://github.com/coredns/coredns/pull/5361)
• plugin/route53: 弃用 route53 插件在 Corefile 中使用明文密钥 (https://github.com/coredns/coredns/pull/5228)
• plugin/route53: 扩展 AWS 配置/凭证设置方式 (https://github.com/coredns/coredns/pull/5370)
• plugin/template: 修复响应码选项文档说明 (https://github.com/coredns/coredns/pull/5328)

完整变更日志: https://github.com/coredns/coredns/compare/v1.9.1...v1.9.2

更新内容 （原始）

This is a release with many added features and security and bug fixes. The most notable one is the release of 3rd party security audit from Trail of Bits. Security issues discovered by this audit have all been fixed or covered.

Brought to You By

Antoine Tollenaere, Balazs Nagy, Chris O’Haver, dilyevsky, hansedong, Lorenz Brun, Marius Kimmina, nathannaveen, Ondřej Benkovský, Patrick W. Healy, Qasim Sarfraz, xuweiwei, Yong Tang

Noteworthy Changes

• core: add Trail of Bits to list of 3rd party security auditors (https://github.com/coredns/coredns/pull/5356)
• core: avoid usage of pseudo-random number (https://github.com/coredns/coredns/pull/5228)
• plugin/bufsize: don’t add OPT RR to non-EDNS0 queries (https://github.com/coredns/coredns/pull/5368)
• plugin/cache: add refresh mode setting to serve_stale (https://github.com/coredns/coredns/pull/5131)
• plugin/cache: fix cache poisoning exploit (https://github.com/coredns/coredns/pull/5174)
• plugin/etcd: fix multi record TXT lookups (https://github.com/coredns/coredns/pull/5293)
• plugin/forward: configurable domain support for healthcheck (https://github.com/coredns/coredns/pull/5281)
• plugin/geoip: read source IP from EDNS0 subnet if provided (https://github.com/coredns/coredns/pull/5183)
• plugin/health: rework overloaded goroutine to support graceful shutdown (https://github.com/coredns/coredns/pull/5244)
• plugin/k8s_external: persist tc bit from lookup to client response (https://github.com/coredns/coredns/pull/4716)
• plugin/k8s_external: set authoritative bit in responses (https://github.com/coredns/coredns/pull/5284)
• plugin/kubernetes: fix k8s start up timeout ticker (https://github.com/coredns/coredns/pull/5361)
• plugin/route53: deprecate plaintext secret in Corefile for route53 plugin (https://github.com/coredns/coredns/pull/5228)
• plugin/route53: expand AWS config/credentials setup. (https://github.com/coredns/coredns/pull/5370)
• plugin/template: fix rcode option documentation (https://github.com/coredns/coredns/pull/5328)

Full Changelog: https://github.com/coredns/coredns/compare/v1.9.1...v1.9.2

下载链接

• coredns_1.9.2_darwin_amd64.tgz
• coredns_1.9.2_darwin_amd64.tgz.sha256
• coredns_1.9.2_linux_amd64.tgz
• coredns_1.9.2_linux_amd64.tgz.sha256
• coredns_1.9.2_linux_arm.tgz
• coredns_1.9.2_linux_arm.tgz.sha256
• coredns_1.9.2_linux_arm64.tgz
• coredns_1.9.2_linux_arm64.tgz.sha256
• coredns_1.9.2_linux_mips.tgz
• coredns_1.9.2_linux_mips.tgz.sha256
• coredns_1.9.2_linux_mips64le.tgz
• coredns_1.9.2_linux_mips64le.tgz.sha256
• coredns_1.9.2_linux_ppc64le.tgz
• coredns_1.9.2_linux_ppc64le.tgz.sha256
• coredns_1.9.2_linux_s390x.tgz
• coredns_1.9.2_linux_s390x.tgz.sha256
• coredns_1.9.2_windows_amd64.tgz
• coredns_1.9.2_windows_amd64.tgz.sha256