Using External Plugin in CoreDNS

[cekbote]

I am trying to follow this: https://github.com/coredns/example, however I cant see "example" anywhere. The starting part of my corefile.5.md file is : . { forward . 9.9.9.9 example }

I have changed the file format of the corefile and made it a .txt file. It can be found here: corefile.5.md.txt

[yongtang]

@Chanakya-Ekbote Is example directory placed under your local coredns repo?

[cekbote]

@yongtang Do you mean on my local machine or a forked coredns repo? I can't see anything in my local machine nor I have I forked coredns/coredns. Should I fork it?

[cekbote]

@yongtang Follow up on a different external plugin: So what I did was fork the coredns/demo into my repo. Then I added demo:github.com/Chanakya-Ekbote/demo into the plugin.cfg file. However when I use make, I get the following error:

CGO_ENABLED=0 go build -v -ldflags="-s -w -X github.com/coredns/coredns/coremain.GitCommit=a3aeb3d5-dirty" -o coredns go: finding github.com/Chanakya-Ekbote/demo latest go: github.com/coredns/coredns imports github.com/coredns/coredns/core/plugin imports github.com/Chanakya-Ekbote/demo imports github.com/mholt/caddy: github.com/mholt/caddy@v1.0.5: parsing go.mod: module declares its path as: github.com/caddyserver/caddy but was required as: github.com/mholt/caddy Makefile:16: recipe for target 'coredns' failed make: *** [coredns] Error 1

[yongtang]

@Chanakya-Ekbote You should build coredns repo first. After a successful build, place example or demo directory under the coredns repo. And make adjustment to build coredns again. This will enable the plugin in coredns (you still need coredns).

[cekbote]

@yongtang So you want me to fork the coredns repo. Use that to clone the same forked repo into my local system and then place example or demo directory under the forked repo and clone it again?

[yongtang]

@Chanakya-Ekbote You can:

1. Clone coredns in your local disk
2. Build coredns server first
3. If build is successful, place example or demo directory under your local disk's coredns plugin directory, and make plugin.cfg changes.
4. Build coredns server again.

[cekbote]

@yongtang Oh I had already cloned CoreDNS and built it. I was going to put the demo directory under my local disks coredns plugin directory, however @greenpau recomended not doing that (Please see gitter). Il do the same now. :)

[yongtang]

@Chanakya-Ekbote There are multiple ways to add additional plugin for coredns. Let's start with an short path to get the pipeline. We can come back and revisit once we have a round trip plumbing in place.

[cekbote]

@yongtang So I tried using the demo plugin (by creating the folder under the plugin directory and putting the plugins there) as you suggested, and the error is consistent with what I tried earlier:

go generate coredns.go CGO_ENABLED=0 go build -v -ldflags="-s -w -X github.com/coredns/coredns/coremain.GitCommit=c9c21270-dirty" -o coredns go: github.com/coredns/coredns imports github.com/coredns/coredns/core/plugin imports github.com/coredns/coredns/plugin/demo imports github.com/mholt/caddy: github.com/mholt/caddy@v1.0.5: parsing go.mod: module declares its path as: github.com/caddyserver/caddy but was required as: github.com/mholt/caddy Makefile:16: recipe for target 'coredns' failed make: *** [coredns] Error 1

[cekbote]

@yongtang I tried doing the same with the example folder also. I can see the plugin is enabled. However, I am not getting the output that the link specifies.

[greenpau]

@Chanakya-Ekbote , where is the code you are compiling?

[cekbote]

@Chanakya-Ekbote , where is the code you are compiling?

Its the same code from this link https://github.com/coredns/example The previous one where I got an error was in: https://github.com/coredns/demo

Looking at these examples I think both the methods (using the github link and putting it under their respective folders in the plugin directory) work well for building plugins.

[greenpau]

Its the same code from this link https://github.com/coredns/example

@Chanakya-Ekbote , please create a pull request with that code so that we could comment on it.

[cekbote]

Its the same code from this link https://github.com/coredns/example

@Chanakya-Ekbote , please create a pull request with that code so that we could comment on it.

I did something stupid, I changed the readme file, Il make some small changes in the code too. I should just change the setup.go and the example.go right?

I have just added comments to the files. I hope this is ok. Let me know if anything else is required. :)

[yongtang]

@Chanakya-Ekbote let's take a step back. Can you build the coredns without example/demo plugin? Just clone github.com/coredns/coredns locally, and build by following the instructions on README.md from github.com/coredns/coredns

[cekbote]

@yongtang @greenpau I actually built coredns locally day before yesterday itself (Please see Gitter, the daily progress doc: https://docs.google.com/document/d/1eD9uu1dLaDtKHJR9HDCYK2CQkRVUnWD0-INHghYb8DE/edit?usp=sharing, also the photos above.)

The reason I created the 'Example' PR, as recommended by @greenpau was that I thought you would comment on it i.e. make changes to the code/or explain it enough so that I could figure it out. Apologies if I thought wrong.

[yongtang]

@Chanakya-Ekbote From the screenshot I see you are showing corefile.5.md. Is the content the same as the Corefile?

[cekbote]

@greenpau @yongtang So from the call I guess it's pretty clear that I am weak in DevOps i.e. git, go. Moreover, I still have no idea how to set up a plugin, nor do I know how to setup a corns server properly. I honestly don't understand most of the things that happened over the call to be brutally honest. The git part I think I can come up to speed within a week or so (by consulting some of my friends and online blogs/videos). I am really unsure how to proceed from here so could you please give your recomendations?

[yongtang]

@Chanakya-Ekbote Yes I think spend some time on git and golang will be worth the effort for this project, as this project is centering around coredns (and to a larger extent cncf/k8s), which are pretty much in golang exclusively.

It is not necessarily to be an expert, but this week I think you want to achieve the following:

1. Build coredns (no external plugin, just coredns itself) from source with golang and be familiar.
2. Familiar with git and golang and see how Golang's import path works.

Once you can build coredns from source with golang, and get familiar with Golang's path/etc, it will be a lot easy to move to adding external plugin.

[cekbote]

@Chanakya-Ekbote Yes I think spend some time on git and golang will be worth the effort for this project, as this project is centering around coredns (and to a larger extent cncf/k8s), which are pretty much in golang exclusively.

It is not necessarily to be an expert, but this week I think you want to achieve the following:

1. Build coredns (no external plugin, just coredns itself) from source with golang and be familiar.

2. Familiar with git and golang and see how Golang's import path works.

Once you can build coredns from source with golang, and get familiar with Golang's path/etc, it will be a lot easy to move to adding external plugin.

Yes I'll do that :)

[cekbote]

@yongtang @greenpau So I saw this course online called the missing semester, It talks about using bash, git etc. It can be found here: https://missing.csail.mit.edu/.

My plan is to do this course until the part where git is explained. Along with the git lecture, I will also go through the Pro Git book https://git-scm.com/book/en/v2. I will do this today and tomorrow. I have already done the first three lecture of the course along with the exercises. (I will finish four today).

From the day after tomorrow to around Monday, I will go through the Learning Go book by Mark and then before the call on Tuesday, I will try to configure coredns onto a Linux based system (The Linux system would be on a VM).

Please let me know your thoughts let me know whether this sounds like a good plan.

[yongtang]

@Chanakya-Ekbote An easy way to compile coredns on Linux, without the confusing golang import path, is to build coredns with docker (https://github.com/coredns/coredns#compilation-with-docker)

$ docker run --rm -i -t -v $PWD:/v -w /v golang:1.14 make

This will give you a repeatable build on linux (the generated binary only works on Linux though. On Windows additional steps are needed.

[cekbote]

@Chanakya-Ekbote An easy way to compile coredns on Linux, without the confusing golang import path, is to build coredns with docker (https://github.com/coredns/coredns#compilation-with-docker)

$ docker run --rm -i -t -v $PWD:/v -w /v golang:1.14 make

This will give you a repeatable build on linux (the generated binary only works on Linux though. On Windows additional steps are needed.

Sure, il setup a VM and try it. I naturally will have to install docker right? May, I know your thoughts on the plan above :)

[yongtang]

Docker is not necessarily for this GSoC project or build coredns itself. Some people prefer to use other methods that may tied to their work environment setup.

Docker is one easy way to build coredns. Since this GSoC project itself is not focusing on building coredns, docker is a method that may help you to avoid spending unnecessary time.

I don't have a strong preference what tool you decide to use, you only need to choose ONE tool which you feel most convenient and easy yourself.

[cekbote]

Docker is not necessarily for this GSoC project or build coredns itself. Some people prefer to use other methods that may tied to their work environment setup.

Docker is one easy way to build coredns. Since this GSoC project itself is not focusing on building coredns, docker is a method that may help you to avoid spending unnecessary time.

I don't have a strong preference what tool you decide to use, you only need to choose ONE tool which you feel most convenient and easy yourself.

Sure, Il do that, I am downloading the iso file of ubuntu 18.04. I'll keep you posted on the developments. :)

[cekbote]

@yongtang Hi :), I installed a VM and then Ubuntu 18.04. I then installed Docker, and then built coredns. I have attached a screenshot that shows what I am getting. On the right is where I have started the coredns server, on the left is where I communicate with the server. I still can't start coredns on port :53 but I don't think thats a major issue. Please let me know if this is what I am supposed to get.

[yongtang]

@Chanakya-Ekbote I think this is good enough. Though you want to modify the Corefile with

.:<another port like 9053> {
  whoami
}

And remove '-dns.port=1053' from command line, so

./coredns

Then you can test dig against <another port like 9053>. This is just to make sure Corefile is working correctly.

Once we can verify this, we will see if we can place an external plugin into the build.

[cekbote]

@yongtang I don't think it works. It keeps giving a repetative error bind permission denied. When I try to use sudo it says port 53 always occupied.

Here is the bind permission error:

Here is the corefile:

I tried to kill the process but it seems to be a system process:

[cekbote]

@yongtang I checked coredns documentation the corefile.5.md seems to be the correct corefile. The documentation can be found here: https://github.com/coredns/coredns/blob/master/corefile.5.md

Is there something that I am doing wrong here? Also would there be a possibility that we are using different versions of coredns ?

[yongtang]

@Chanakya-Ekbote corefile.5.md is the document for Corefile. Instead you should create a file named Corefile and place the following inside the Corefile:

.:9053 {
  whoami
}

[cekbote]

@Chanakya-Ekbote corefile.5.md is the document for Corefile. Instead you should create a file named Corefile and place the following inside the Corefile:

.:9053 {
  whoami
}

Ill do that and check, give me 10 min.

[cekbote]

@yongtang Yes it finally works :), thanks a lot :+1:

I think the documentation under corefile should be edited a little bit, also maybe in the introductory readme to coredns... this is just a suggestion. I could do it, I think, just add a few extra steps that explicitly state that we have to create a Corefile.

[yongtang]

@Chanakya-Ekbote Glad that works.

I think the documentation under corefile should be edited a little bit, also maybe in the introductory readme to coredns... this is just a suggestion.

Would you like to create a PR to https://github.com/coredns/coredns repo? That will be a good way to get involvement in coredns community.

[cekbote]

@Chanakya-Ekbote Glad that works.

I think the documentation under corefile should be edited a little bit, also maybe in the introductory readme to coredns... this is just a suggestion.

Would you like to create a PR to https://github.com/coredns/coredns repo? That will be a good way to get involvement in coredns community.

@yongtang I'd love to. I'll make the necessary changes. :). Also please let me know how should we proceed from now on?

[yongtang]

@Chanakya-Ekbote The next step is to add an external plugin (example/demo) into your coredns build. Once you can build an external plugin and works, we will be very close to get a round trip plumbing in place.

[cekbote]

@Chanakya-Ekbote The next step is to add an external plugin (example/demo) into your coredns build. Once you can build an external plugin and works, we will be very close to get a round trip plumbing in place.

@yongtang Yes Il do that too. I think I'll start with the example plugin. Thats because as you saw earlier the demo plugin was giving some errors.

One minor update, coredns works even with Ubuntu bash on windows, I guess all we had to do was create a Corefile. :)

[yongtang]

@Chanakya-Ekbote coredns itself is cross platform and could run in windows, linux, macOS (and arm and mips). Though as you might already notice, the challenge is about golang setup. If you have a proven golang environment setup in Windows then you can just use Windows natively for coredns.

[cekbote]

@Chanakya-Ekbote coredns itself is cross platform and could run in windows, linux, macOS (and arm and mips). Though as you might already notice, the challenge is about golang setup. If you have a proven golang environment setup in Windows then you can just use Windows natively for coredns.

@yongtang Oh that makes sense.

A few updates, the example plugin does not seem to be doing what it's intended to do. Like I don't see "example" anywhere. I tried some other plugins such as forward and log, and they seem to be working fine I have changed the plugin.cfg file and I do have the example plugin shown when we do check or plugins.

The Corefile

The Plugin.cfg

The example plugin.

Port 1054 contains log and forward so you can see that works:

However, Port 1056 contains the example plugin.

Maybe you could suggest a different external plugin for testing purposes other than demo and example?

[yongtang]

@Chanakya-Ekbote demo plugin has been updated with a commit now: https://github.com/coredns/demo/commit/57212712287e5d630b3dee70a49493b21d0e3bd0

It should work with following:

git clone https://github.com/coredns/coredns.git
cd coredns/plugin/
git clone https://github.com/coredns/demo.git
cd ..
vi plugin.cfg # add demo:demo to the first line 
docker run --rm -i -t -v $PWD:/v -w /v golang:1.14 sh -c 'make gen && make'

demo directory should be placed inside coredns/plugin, and your plugin.cfg should include

demo:demo

as the first line.

[cekbote]

@yongtang I tried it. It works now :)

My guess is you'd want me to integrate the go program that I created before into the demo plugin and see how that communicates with the flask server?

[yongtang]

@Chanakya-Ekbote That is great!

Yes the next step is to integrate the go program for http => flask, so that any DNS query will send a http request to flask and receive a response. Depending on the response to decide what to reply for DNS query. once this is done our end-to-end pipeline is in place and we could move to model building.

[cekbote]

@yongtang Sure, I'll do that. I'll also improve the documentation regarding the Corefile over the weekend. :)

[cekbote]

@yongtang The program is communicating with the Flask server. All it does currently is send a json object to the Flask server and gets a modified json object back.

It can be seen here:

The modified demo plugin can be found here:

The code for the flask server can be found here:

What modifications would you suggest to the reply part of the demo plugin? As I remember from the Gitter conversations we'd have to send a "blackhole IP" to the client? From I understand if its a malicious domain, we'd be adding a "blackhole ip" to the rr.A = net.ParseIP(reply).To4() where reply would be a string that consists of a blackhole ip. Is my understanding correct?

[cekbote]

@yongtang I added a conditional in the code. The condition is that if the client wants to resolve www.google.com, it gets back 8.8.8.8 but for any other domain name, it gets back 2.2.2.2. Would that be sufficient for a barebones pipeline?

[yongtang]

@Chanakya-Ekbote For any other domains other than the one that hit the ml algorithm, you want to leave it alone and ask the next plugin to process. So you should use :

if ... {
        .... ml logic...
        // write response
    w.WriteMsg(m)
    return dns.RcodeSuccess, nil
}
// fall back to the next plugin
return plugin.NextOrFailure(n.Name(), n.Next, ctx, w, r)

[cekbote]

@yongtang So what I've done is if the ml algorithm predicts its a malicious domain it will return a predefined reply else, it falls back to the next plugin. To test this out should I chain a plugin after the demo plugin, maybe whoami ?

[greenpau]

So what I've done is if the ml algorithm predicts its a malicious domain it will return a predefined reply else

@Chanakya-Ekbote , you probably want to have a configuration that allows a user to specify the address to redirect requests to malicious domains to.

That IP address could be a honeypot. When traffic comes to the address the honeypot knows there is something going on.

[cekbote]

So what I've done is if the ml algorithm predicts its a malicious domain it will return a predefined reply else

@Chanakya-Ekbote , you probably want to have a configuration that allows a user to specify the address to redirect requests to malicious domains to.

That IP address could be a honeypot. When traffic comes to the address the honeypot knows there is something going on.

I dont have any idea about honeypots. I'll read about them and we could discuss it tomorrow?

[yongtang]

@Chanakya-Ekbote honeypots is essentially a technique in security to lure and attract malicious traffic for further analysis, e.g., have a sandbox or vm to actually run malicious program for behavior analysis (and some times automatic signature generation). The honeypots itself is not the focus of this GSoC. However, you do need a way to allow user to selectively specify what the blackhole or honeypots would be when they launch the CoreDNS-ML firewall.

You can either add the option in setup.go, or even simpler, just return the IP of honeypots or blackhole in your python program in restful response.

[yongtang]

To test this out should I chain a plugin after the demo plugin, maybe whoami ?

@Chanakya-Ekbote Ideally the coredns-ml setup should be that,

1. User setup CoreDNS the normal way with any plugins that they use (e.g., forward to 8.8.8.8, Kubernetes to wire up the Kubernetes cluster, etc).
2. User will update the Corefile to enable the ML firewall, so that ML firewall will be at the beginning of the plugin chain, and block traffic if deemed malicious. If traffic is considered ok then it will fallback to the next plugin user setup, and the rest will behave like before.

For testing purposes, you can use forward to 8.8.8.8, or whomi will be fine as well (for just testing).