matchrelay - match IP addresses and selectively relay them to a specific upstream
This module segregates traffic based on the source IP of a query, similar to how routers perform source-based routing, instead of by destination domain as CoreDNS normally does.
It depends on the forward module and supports multiple proxies and the same resource optimizations as the forward module.
To build, pull the CoreDNS code:
git clone https://github.com/coredns/coredns.git
Add the matchrelay line to plugin.cfg:
...
etcd:etcd
loop:loop
matchrelay:github.com/kelchy/matchrelay
forward:forward
grpc:grpc
...
Take note of the order, as the ordinality of the plugins matters for CoreDNS.
Since cache is above matchrelay, cache may serve responses without hitting matchrelay. This may cause unexpected behaviour, so avoid using cache with matchrelay if the plugins are ordered this way.
You may need to set git to use SSH:
git config --global url."git@github.com:".insteadOf "https://github.com/"
and mark the module as private:
export GOPRIVATE=github.com/kelchy/matchrelay
Then use "make" to build:
make
or
go get github.com/kelchy/matchrelay
go generate
go build
matchrelay {
net <source ip>
match ./list.txt
reload 10s
relay <destination server>
}
"net" declares a network host or subnet. "match" points to a file containing a list of declarations, and "reload" automatically reloads that list if the md5 of the file changes. "relay" round-robins the destinations for matched requests.
Start a server on the default port and load the matchrelay plugin:
example.org {
matchrelay {
net 10.1.2.3/32
relay 8.8.8.8:53 1.1.1.1:53
}
}
Or import a file instead of using the internal match and reload mechanism. Note that if you use the reload module, the whole Corefile will be loaded on each reload. If the number of zones or the list is large, this may cause huge CPU spikes, which may degrade performance. For very dynamic environments, use the match and reload mechanism.
example.org {
matchrelay {
import ./list.txt
relay 8.8.8.8:53 1.1.1.1:53
}
}
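The net / match / reload / relay behaviour described above, modelled as an added Go example (this is not matchrelay's source code). The names `Relay`, `Reload` and `Pick` are hypothetical, the list is assumed to hold `net <CIDR>` pairs, and the sample list in `main` is constructed.

```go
package main

import (
	"crypto/md5"
	"fmt"
	"net/netip"
	"strings"
)

type Relay struct {
	nets      []netip.Prefix // parsed "net" declarations
	upstreams []string       // "relay" destinations
	next      int            // round-robin cursor
	sum       [md5.Size]byte // md5 of the list last loaded
}

// Reload re-parses the list only when its md5 changed; a bad list keeps the old nets.
func (r *Relay) Reload(list []byte) (bool, error) {
	sum, nets := md5.Sum(list), []netip.Prefix{}
	if sum == r.sum {
		return false, nil
	}
	for tok := append(strings.Fields(string(list)), ""); len(tok) > 1; tok = tok[2:] {
		p, err := netip.ParsePrefix(tok[1]) // the "" sentinel fails here for a dangling "net"
		if tok[0] != "net" || err != nil {
			return false, fmt.Errorf("bad declaration %q %q", tok[0], tok[1])
		}
		nets = append(nets, p.Masked())
	}
	r.nets, r.sum = nets, sum // swap in the new list only after a clean parse
	return true, nil
}

// Pick returns the next upstream, round robin, when src is inside a listed net.
func (r *Relay) Pick(src string) (string, bool) {
	a, _ := netip.ParseAddr(src) // unparsable input gives the zero Addr, which matches nothing
	for _, p := range r.nets {
		if len(r.upstreams) > 0 && p.Contains(a.Unmap()) {
			r.next++
			return r.upstreams[(r.next-1)%len(r.upstreams)], true
		}
	}
	return "", false
}

func main() {
	r := &Relay{upstreams: []string{"8.8.8.8:53", "1.1.1.1:53"}}
	r.Reload([]byte("net 10.1.2.3/32\nnet 192.168.0.0/16\n")) // constructed list
	fmt.Println(r.Pick("10.1.2.3"))
}
```

`Unmap` makes an IPv4-mapped IPv6 source such as `::ffff:10.1.2.3` match the same IPv4 entry, so a client cannot change which upstream it is relayed to just by arriving over a dual-stack socket.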
Kelvin Chua [email protected]