CoreDNS Chaining Middleware

March 19, 2016


CoreDNS is shaping up nicely and of course the middleware (taken from Caddy) is working great.

Take for instance the following. We want to rewrite ANY queries to HINFO (because DDoS) and then proxy them to Google. We also need some logging. So after downloading and compiling CoreDNS, create the following Corefile:

.:1053 {
    log stdout
    rewrite ANY HINFO
    proxy .
}

By default CoreDNS will read a file called Corefile, so we can just start it with:

% ulimit -n 4096
% ./coredns
Activating privacy features...

Queries work as expected: dig @localhost -p 1053 mx works and shows up in the logs:

- [19/Mar/2016:21:15:22 +0000] "MX udp" NOERROR 170

But let's try an ANY query, dig @localhost -p 1053 ANY. The reply we get back is:

; EDNS: version: 0, flags:; udp: 512
;			IN	ANY

;; AUTHORITY SECTION:
		1799	IN	SOA 1458360781 14400 3600 604800 14400

This is not the reply you’d expect from an ANY query, and the log makes clear that the rewrite happened:

- [19/Mar/2016:21:18:17 +0000] "HINFO udp" NOERROR 94
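To see what "rewrite ANY HINFO" amounts to on the wire, the following added example (not CoreDNS code and not from the original post) parses the question section of a DNS query and swaps QTYPE 255 (ANY) for 13 (HINFO) before the query would be forwarded. The sample query for example.org and the names Question and RewriteQtype are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const TypeHINFO, TypeANY uint16 = 13, 255 // RFC 1035 type codes

// Constructed sample: query for "example.org." IN ANY (ID 0x1234, RD set).
var sampleANY = []byte{
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0, // header, QDCOUNT=1
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'o', 'r', 'g', 0, // QNAME
	0x00, 0xff, 0x00, 0x01, // QTYPE=ANY, QCLASS=IN
}

// Question returns the offset and value of QTYPE in the first question.
func Question(msg []byte) (int, uint16, error) {
	if len(msg) < 12 || binary.BigEndian.Uint16(msg[4:]) != 1 {
		return 0, 0, errors.New("want a header and exactly one question")
	}
	off := 12
	for ; off < len(msg) && msg[off] != 0; off += 1 + int(msg[off]) {
		if msg[off]&0xC0 != 0 { // no pointers expected in a query's QNAME
			return 0, 0, errors.New("unexpected compression pointer")
		}
	}
	if off+5 > len(msg) { // root label, QTYPE and QCLASS must follow
		return 0, 0, errors.New("truncated question")
	}
	return off + 1, binary.BigEndian.Uint16(msg[off+1:]), nil
}

// RewriteQtype changes QTYPE from -> to in place and reports whether it did.
func RewriteQtype(msg []byte, from, to uint16) (bool, error) {
	off, qtype, err := Question(msg)
	if err != nil || qtype != from {
		return false, err
	}
	binary.BigEndian.PutUint16(msg[off:], to)
	return true, nil
}

func main() {
	q := append([]byte(nil), sampleANY...)
	changed, err := RewriteQtype(q, TypeANY, TypeHINFO)
	fmt.Println(changed, err, q[25:27]) // QTYPE bytes after the rewrite
}
```

Queries of any other type pass through unchanged, which matches the MX log line above; only the ANY query reaches the upstream as HINFO.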