Conf cleanup

Dockerfile

@@ -199,7 +199,7 @@ ENV           DNS_FORWARD_UPSTREAM_IP_1="tls://1.1.1.1"
 ENV           DNS_FORWARD_UPSTREAM_IP_2="tls://1.0.0.1"
 
 ENV           DNS_PORT=53
-ENV           DNS_OVER_GRPC_PORT=553
+# ENV           DNS_OVER_GRPC_PORT=553
 ENV           DNS_STUFF_MDNS=false
 
 ENV           METRICS_PORT=9253
@@ -209,7 +209,7 @@ ENV           METRICS_PORT=9253
 EXPOSE        $DNS_PORT/udp
 EXPOSE        $DNS_OVER_TLS_PORT/tcp
 EXPOSE        $DNS_OVER_TLS_LEGO_PORT/tcp
-EXPOSE        $DNS_OVER_GRPC_PORT/tcp
+#EXPOSE        $DNS_OVER_GRPC_PORT/tcp
 EXPOSE        $METRICS_PORT/tcp
 
 # Lego just needs /certs to work

README.md

@@ -171,7 +171,9 @@ For forwarding:
 You can also tweak the following:
 
  * DNS_PORT (default to 53)
+<!--
  * DNS_OVER_GRPC_PORT (default to 553)
+-->
  * DNS_STUFF_MDNS: convenient little trick to respond for certain mDNS queries over traditional DNS
  * METRICS_PORT for Prometheuse (default to 9253)
 

context/runtime/boot/entrypoint.sh

@@ -8,6 +8,8 @@ source "$root/helpers.sh"
 
 helpers::dir::writable /certs
 
+LOG_LEVEL=${LOG_LEVEL:-}
+
 # DNS over tls settings
 DNS_OVER_TLS_ENABLED="${DNS_OVER_TLS_ENABLED:-}"
 DNS_OVER_TLS_DOMAIN="${DNS_OVER_TLS_DOMAIN:-}"
@@ -24,7 +26,7 @@ DNS_FORWARD_UPSTREAM_IP_2="${DNS_FORWARD_UPSTREAM_IP_2:-}"
 
 # Other DNS settings
 DNS_PORT="${DNS_PORT:-}"
-DNS_OVER_GRPC_PORT="${DNS_OVER_GRPC_PORT:-}"
+# DNS_OVER_GRPC_PORT="${DNS_OVER_GRPC_PORT:-}"
 DNS_STUFF_MDNS="${DNS_STUFF_MDNS:-}"
 
 # Metrics settings
@@ -66,10 +68,10 @@ loop(){
   done
 }
 
-no_tls=-no
+with_tls=
 # If we have a domain, get certificates for that, and the appropriate config
 if [ "$DNS_OVER_TLS_ENABLED" == true ]; then
-  no_tls=
+  with_tls="+tls"
 
   # Initial registration, blocking
   certs::renew "$DNS_OVER_TLS_DOMAIN" "$DNS_OVER_TLS_LEGO_EMAIL" "$DNS_OVER_TLS_PORT" "$DNS_OVER_TLS_LE_USE_STAGING"
@@ -80,7 +82,12 @@ fi
 
 # Choose config based on environment values
 [ "$DNS_FORWARD_ENABLED" == true ]  && mode=forward || mode=recursive
-[ "$DNS_STUFF_MDNS" == true ]  && mod=-mdns || mod=
+[ "$DNS_STUFF_MDNS" == true ]  && with_mdns=+mdns || with_mdns=
+
+args=(-conf "/config/coredns-${mode}${with_tls}${with_mdns}.conf")
+
+normalized_log_level="$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')"
+[ "$normalized_log_level" != "error" ] && [ "$normalized_log_level" != "warning" ]  || args+=(-quiet)
 
 # Get coredns started
-exec coredns -conf /config/coredns${no_tls}-tls-${mode}${mod}.conf "$@"
+exec coredns "${args[@]}" "$@"

context/runtime/config/coredns-forward+mdns.conf

@@ -0,0 +1,18 @@
+import snips/mdns.conf
+
+# Classic DNS on 53, forwarding to an upstream
+.:{$DNS_PORT} {
+  import snips/hosts.conf
+  import snips/forward.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+{$HEALTHCHECK_QUESTION}:{$DNS_PORT} {
+  import snips/forward.conf
+}
+
+whoami:{$DNS_PORT} {
+  # https://coredns.io/plugins/whoami/
+  whoami
+}

context/runtime/config/coredns-forward+tls.conf

@@ -0,0 +1,24 @@
+tls://.:{$DNS_OVER_TLS_PORT} {
+  tls /certs/certificates/{$DOMAIN}.crt /certs/certificates/{$DOMAIN}.key /certs/certificates/{$DOMAIN}.issuer.crt
+
+  import snips/hosts.conf
+  import snips/forward.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+.:{$DNS_PORT} {
+  import snips/hosts.conf
+  import snips/forward.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+{$HEALTHCHECK_QUESTION}:{$DNS_PORT} {
+  import snips/forward.conf
+}
+
+whoami:{$DNS_PORT} {
+  # https://coredns.io/plugins/whoami/
+  whoami
+}

context/runtime/config/coredns-forward.conf

@@ -0,0 +1,16 @@
+# Classic DNS on 53, forwarding to an upstream
+.:{$DNS_PORT} {
+  import snips/hosts.conf
+  import snips/forward.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+{$HEALTHCHECK_QUESTION}:{$DNS_PORT} {
+  import snips/forward.conf
+}
+
+whoami:{$DNS_PORT} {
+  # https://coredns.io/plugins/whoami/
+  whoami
+}

context/runtime/config/coredns-recursive+tls.conf

@@ -0,0 +1,24 @@
+tls://.:{$DNS_OVER_TLS_PORT} {
+  tls /certs/certificates/{$DNS_OVER_TLS_DOMAIN}.crt /certs/certificates/{$DNS_OVER_TLS_DOMAIN}.key /certs/certificates/{$DNS_OVER_TLS_DOMAIN}.issuer.crt
+
+  import snips/hosts.conf
+  import snips/recursive.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+.:{$DNS_PORT} {
+  import snips/hosts.conf
+  import snips/recursive.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+{$HEALTHCHECK_QUESTION}:{$DNS_PORT} {
+  import snips/forward.conf
+}
+
+whoami:{$DNS_PORT} {
+  # https://coredns.io/plugins/whoami/
+  whoami
+}

context/runtime/config/coredns-recursive.conf

@@ -0,0 +1,15 @@
+.:{$DNS_PORT} {
+  import snips/hosts.conf
+  import snips/recursive.conf
+  import snips/cache.conf
+  import snips/monitor.conf
+}
+
+{$HEALTHCHECK_QUESTION}:{$DNS_PORT} {
+  import snips/forward.conf
+}
+
+whoami:{$DNS_PORT} {
+  # https://coredns.io/plugins/whoami/
+  whoami
+}

context/runtime/config/snips/cache.conf

@@ -0,0 +1,2 @@
+# https://coredns.io/plugins/cache/
+cache 3600

context/runtime/config/snips/forward.conf

@@ -0,0 +1,5 @@
+# https://coredns.io/plugins/forward/
+forward . {$DNS_FORWARD_UPSTREAM_IP_1} {$DNS_FORWARD_UPSTREAM_IP_2} {
+   tls_servername {$DNS_FORWARD_UPSTREAM_NAME}
+   health_check 5s
+}

context/runtime/config/snips/hosts.conf

@@ -0,0 +1,4 @@
+# https://coredns.io/plugins/hosts/
+hosts {
+  fallthrough
+}

context/runtime/config/snips/mdns.conf

@@ -0,0 +1,4 @@
+local {
+  # https://coredns.io/explugins/mdns/
+  mdns local 1
+}

context/runtime/config/snips/monitor.conf

@@ -0,0 +1,13 @@
+# https://coredns.io/plugins/health/
+health localhost:8091
+# https://coredns.io/plugins/pprof/
+pprof localhost:6053
+# https://coredns.io/plugins/metrics/
+prometheus :{$METRICS_PORT}
+# https://coredns.io/plugins/log/
+log
+# {combined}
+# https://coredns.io/plugins/errors/
+errors
+# https://coredns.io/plugins/reload/
+reload

context/runtime/config/snips/recursive.conf

@@ -0,0 +1,2 @@
+# https://coredns.io/explugins/unbound/
+unbound