[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4918":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":15,"starSnapshotCount":15,"syncStatus":16,"lastSyncTime":33,"discoverSource":34},4918,"coredns","coredns\u002Fcoredns","CoreDNS is a DNS server that chains plugins","https:\u002F\u002Fcoredns.io",null,"Go",14099,2467,221,246,0,2,11,51,8,45,"Apache License 2.0",false,"master",[25,5,26,27,28,29],"cncf","dns-server","go","plugin","service-discovery","2026-06-12 02:01:05","[![CoreDNS](https:\u002F\u002Fcoredns.io\u002Fimages\u002FCoreDNS_Colour_Horizontal.png)](https:\u002F\u002Fcoredns.io)\n\n[![Documentation](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fgodoc-reference-blue.svg)](https:\u002F\u002Fgodoc.org\u002Fgithub.com\u002Fcoredns\u002Fcoredns)\n![CodeQL](https:\u002F\u002Fgithub.com\u002Fcoredns\u002Fcoredns\u002Factions\u002Fworkflows\u002Fcodeql-analysis.yml\u002Fbadge.svg)\n![Go Tests](https:\u002F\u002Fgithub.com\u002Fcoredns\u002Fcoredns\u002Factions\u002Fworkflows\u002Fgo.test.yml\u002Fbadge.svg)\n[![CircleCI](https:\u002F\u002Fcircleci.com\u002Fgh\u002Fcoredns\u002Fcoredns.svg?style=shield)](https:\u002F\u002Fcircleci.com\u002Fgh\u002Fcoredns\u002Fcoredns)\n[![Docker Pulls](https:\u002F\u002Fimg.shields.io\u002Fdocker\u002Fpulls\u002Fcoredns\u002Fcoredns.svg)](https:\u002F\u002Fhub.docker.com\u002Fr\u002Fcoredns\u002Fcoredns)\n[![Go Report Card](https:\u002F\u002Fgoreportcard.com\u002Fbadge\u002Fgithub.com\u002Fcoredns\u002Fcoredns)](https:\u002F\u002Fgoreportcard.com\u002Freport\u002Fcoredns\u002Fcoredns)\n[![CII Best Practices](https:\u002F\u002Fbestpractices.coreinfrastructure.org\u002Fprojects\u002F1250\u002Fbadge)](https:\u002F\u002Fbestpractices.coreinfrastructure.org\u002Fprojects\u002F1250)\n[![OpenSSF Scorecard](https:\u002F\u002Fapi.scorecard.dev\u002Fprojects\u002Fgithub.com\u002Fcoredns\u002Fcoredns\u002Fbadge)](https:\u002F\u002Fscorecard.dev\u002Fviewer\u002F?uri=github.com\u002Fcoredns\u002Fcoredns)\n\nCoreDNS is a DNS server\u002Fforwarder, written in Go, that chains [plugins](https:\u002F\u002Fcoredns.io\u002Fplugins).\nEach plugin performs a (DNS) function.\n\nCoreDNS is a [Cloud Native Computing Foundation](https:\u002F\u002Fcncf.io) graduated project.\n\nCoreDNS is a fast and flexible DNS server. The key word here is *flexible*: with CoreDNS you\nare able to do what you want with your DNS data by utilizing plugins. If some functionality is not\nprovided out of the box you can add it by [writing a plugin](https:\u002F\u002Fcoredns.io\u002Fexplugins).\n\nCoreDNS can listen for DNS requests coming in over:\n* UDP\u002FTCP (go'old DNS).\n* TLS - DoT ([RFC 7858](https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7858)).\n* DNS over HTTP\u002F2 - DoH ([RFC 8484](https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc8484)).\n* DNS over HTTP\u002F3 - DoH3\n* DNS over QUIC - DoQ ([RFC 9250](https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc9250)). \n* [gRPC](https:\u002F\u002Fgrpc.io) (not a standard).\n\nCurrently CoreDNS is able to:\n\n* Serve zone data from a file; both DNSSEC (NSEC only) and DNS are supported (*file* and *auto*).\n* Retrieve zone data from primaries, i.e., act as a secondary server (AXFR only) (*secondary*).\n* Sign zone data on-the-fly (*dnssec*).\n* Load balancing of responses (*loadbalance*).\n* Allow for zone transfers, i.e., act as a primary server (*file* + *transfer*).\n* Automatically load zone files from disk (*auto*).\n* Caching of DNS responses (*cache*).\n* Use etcd as a backend (replacing [SkyDNS](https:\u002F\u002Fgithub.com\u002Fskynetservices\u002Fskydns)) (*etcd*).\n* Use k8s (kubernetes) as a backend (*kubernetes*).\n* Serve as a proxy to forward queries to some other (recursive) nameserver (*forward*).\n* Provide metrics (by using Prometheus) (*prometheus*).\n* Provide query (*log*) and error (*errors*) logging.\n* Integrate with cloud providers (*route53*).\n* Support the CH class: `version.bind` and friends (*chaos*).\n* Support the RFC 5001 DNS name server identifier (NSID) option (*nsid*).\n* Profiling support (*pprof*).\n* Rewrite queries (qtype, qclass and qname) (*rewrite* and *template*).\n* Block ANY queries (*any*).\n* Provide DNS64 IPv6 Translation (*dns64*).\n\nAnd more. Each of the plugins is documented. See [coredns.io\u002Fplugins](https:\u002F\u002Fcoredns.io\u002Fplugins)\nfor all in-tree plugins, and [coredns.io\u002Fexplugins](https:\u002F\u002Fcoredns.io\u002Fexplugins) for all\nout-of-tree plugins.\n\n## Compilation from Source\n\nTo compile CoreDNS, we assume you have a working Go setup. See various tutorials if you don’t have\nthat already configured.\n\nFirst, make sure your golang version is 1.25.0 or higher as `go mod` support and other api is needed.\nSee [here](https:\u002F\u002Fgithub.com\u002Fgolang\u002Fgo\u002Fwiki\u002FModules) for `go mod` details.\nThen, check out the project and run `make` to compile the binary:\n\n~~~\n$ git clone https:\u002F\u002Fgithub.com\u002Fcoredns\u002Fcoredns\n$ cd coredns\n$ make\n~~~\n\n> **_NOTE:_**  extra plugins may be enabled when building by setting the `COREDNS_PLUGINS` environment variable with comma separate list of plugins in the same format as plugin.cfg\n\nThis should yield a `coredns` binary.\n\n## Compilation with Docker\n\nCoreDNS requires Go to compile. However, if you already have docker installed and prefer not to\nsetup a Go environment, you could build CoreDNS easily:\n\n```\ndocker run --rm -i -t \\\n    -v $PWD:\u002Fgo\u002Fsrc\u002Fgithub.com\u002Fcoredns\u002Fcoredns -w \u002Fgo\u002Fsrc\u002Fgithub.com\u002Fcoredns\u002Fcoredns \\\n        golang:1.25 sh -c 'GOFLAGS=\"-buildvcs=false\" make gen && GOFLAGS=\"-buildvcs=false\" make'\n```\n\nThe above command alone will have `coredns` binary generated.\n\n## Quick Start\n\nCreate a minimal Corefile:\n\n```bash\ncat > Corefile \u003C\u003CEOF\n.:53 {\n    forward . 8.8.8.8\n    log\n}\nEOF\n```\nRun CoreDNS:\n```\n$ .\u002Fcoredns -conf Corefile\n```\n\nTest it:\n```\n$ dig @127.0.0.1 google.com\n```\n\n## Examples\n\nWhen starting CoreDNS without any configuration, it loads the\n[*whoami*](https:\u002F\u002Fcoredns.io\u002Fplugins\u002Fwhoami) and [*log*](https:\u002F\u002Fcoredns.io\u002Fplugins\u002Flog) plugins\nand starts listening on port 53 (override with `-dns.port`), it should show the following:\n\n~~~ txt\n.:53\nCoreDNS-1.6.6\nlinux\u002Famd64, go1.16.10, aa8c32\n~~~\n\nThe following could be used to query the CoreDNS server that is running now:\n\n~~~ txt\ndig @127.0.0.1 -p 53 www.example.com\n~~~\n\nAny query sent to port 53 should return some information; your sending address, port and protocol\nused. The query should also be logged to standard output.\n\nThe configuration of CoreDNS is done through a file named `Corefile`. When CoreDNS starts, it will\nlook for the `Corefile` from the current working directory. A `Corefile` for CoreDNS server that listens\non port `53` and enables `whoami` plugin is:\n\n~~~ corefile\n.:53 {\n    whoami\n}\n~~~\n\nSometimes port number 53 is occupied by system processes. In that case you can start the CoreDNS server\nwhile modifying the `Corefile` as given below so that the CoreDNS server starts on port 1053.\n\n~~~ corefile\n.:1053 {\n    whoami\n}\n~~~\n\nIf you have a `Corefile` without a port number specified it will, by default, use port 53, but you can\noverride the port with the `-dns.port` flag: `coredns -dns.port 1053`, runs the server on port 1053.\n\nYou may import other text files into the `Corefile` using the _import_ directive.  You can use globs to match multiple\nfiles with a single _import_ directive.\n\n~~~ txt\n.:53 {\n    import example1.txt\n}\nimport example2.txt\n~~~\n\nYou can use environment variables in the `Corefile` with `{$VARIABLE}`.  Note that each environment variable is inserted\ninto the `Corefile` as a single token. For example, an environment variable with a space in it will be treated as a single\ntoken, not as two separate tokens.\n\n~~~ txt\n.:53 {\n    {$ENV_VAR}\n}\n~~~\n\nA Corefile for a CoreDNS server that forward any queries to an upstream DNS (e.g., `8.8.8.8`) is as follows:\n\n~~~ corefile\n.:53 {\n    forward . 8.8.8.8:53\n    log\n}\n~~~\n\nStart CoreDNS and then query on that port (53). The query should be forwarded to 8.8.8.8 and the\nresponse will be returned. Each query should also show up in the log which is printed on standard\noutput.\n\nTo serve the (NSEC) DNSSEC-signed `example.org` on port 1053, with errors and logging sent to standard\noutput. Allow zone transfers to everybody, but specifically mention 1 IP address so that CoreDNS can\nsend notifies to it.\n\n~~~ txt\nexample.org:1053 {\n    file \u002Fvar\u002Flib\u002Fcoredns\u002Fexample.org.signed\n    transfer {\n        to * 2001:500:8f::53\n    }\n    errors\n    log\n}\n~~~\n\nServe `example.org` on port 1053, but forward everything that does *not* match `example.org` to a\nrecursive nameserver *and* rewrite ANY queries to HINFO.\n\n~~~ txt\nexample.org:1053 {\n    file \u002Fvar\u002Flib\u002Fcoredns\u002Fexample.org.signed\n    transfer {\n        to * 2001:500:8f::53\n    }\n    errors\n    log\n}\n\n. {\n    any\n    forward . 8.8.8.8:53\n    errors\n    log\n}\n~~~\n\nIP addresses are also allowed. They are automatically converted to reverse zones:\n\n~~~ corefile\n10.0.0.0\u002F24 {\n    whoami\n}\n~~~\nMeans you are authoritative for `0.0.10.in-addr.arpa.`.\n\nThis also works for IPv6 addresses. If for some reason you want to serve a zone named `10.0.0.0\u002F24`\nadd the closing dot: `10.0.0.0\u002F24.` as this also stops the conversion.\n\nThis even works for CIDR (See RFC 1518 and 1519) addressing, i.e. `10.0.0.0\u002F25`, CoreDNS will then\ncheck if the `in-addr` request falls in the correct range.\n\nListening on TLS (DoT) and for gRPC? Use:\n\n~~~ corefile\ntls:\u002F\u002Fexample.org grpc:\u002F\u002Fexample.org {\n    whoami\n}\n~~~\n\nSimilarly, for QUIC (DoQ):\n\n~~~ corefile\nquic:\u002F\u002Fexample.org {\n    whoami\n    tls mycert mykey\n}\n~~~\n\nAnd for DNS over HTTP\u002F2 (DoH) use:\n\n~~~ corefile\nhttps:\u002F\u002Fexample.org {\n    whoami\n    tls mycert mykey\n}\n~~~\nin this setup, the CoreDNS will be responsible for TLS termination\n\nyou can also start DNS server serving DoH without TLS termination (plain HTTP), but beware that in such scenario there has to be some kind\nof TLS termination proxy before CoreDNS instance, which forwards DNS requests otherwise clients will not be able to communicate via DoH with the server\n~~~ corefile\nhttps:\u002F\u002Fexample.org {\n    whoami\n}\n~~~\n\nSpecifying ports works in the same way:\n\n~~~ txt\ngrpc:\u002F\u002Fexample.org:1443 https:\u002F\u002Fexample.org:1444 {\n    # ...\n}\n~~~\n\nAnd for DNS over HTTP\u002F3 (DoH3) use:\n\n~~~ corefile\nhttps3:\u002F\u002Fexample.org {\n    whoami\n    tls mycert mykey\n}\n~~~\nin this setup, the CoreDNS will be responsible for TLS termination\n\n\nWhen no transport protocol is specified the default `dns:\u002F\u002F` is assumed.\n\n## Community\n\nWe're most active on GitHub (and Slack):\n\n- GitHub: \u003Chttps:\u002F\u002Fgithub.com\u002Fcoredns\u002Fcoredns>\n- Slack: #coredns on \u003Chttps:\u002F\u002Fslack.cncf.io>\n\nMore resources can be found:\n\n- Website: \u003Chttps:\u002F\u002Fcoredns.io>\n- Blog: \u003Chttps:\u002F\u002Fcoredns.io\u002Fblog\u002F>\n- Twitter: [@corednsio](https:\u002F\u002Ftwitter.com\u002Fcorednsio)\n- Mailing list\u002Fgroup: \u003Ccoredns-discuss@googlegroups.com> (not very active)\n\n## Contribution guidelines\n\nIf you want to contribute to CoreDNS, be sure to review the [contribution\nguidelines](.\u002F.github\u002FCONTRIBUTING.md).\n\n## Deployment\n\nExamples for deployment via systemd and other use cases can be found in the [deployment\nrepository](https:\u002F\u002Fgithub.com\u002Fcoredns\u002Fdeployment).\n\n## Deprecation Policy\n\nWhen there is a backwards incompatible change in CoreDNS the following process is followed:\n\n*  Release x.y.z: Announce that in the next release we will make backward incompatible changes.\n*  Release x.y+1.0: Increase the minor version and set the patch version to 0. Make the changes,\n   but allow the old configuration to be parsed. I.e. CoreDNS will start from an unchanged\n   Corefile.\n*  Release x.y+1.1: Increase the patch version to 1. Remove the lenient parsing, so CoreDNS will\n   not start if those features are still used.\n\nE.g. 1.3.1 announce a change. 1.4.0 a new release with the change but backward compatible config.\nAnd finally 1.4.1 that removes the config workarounds.\n\n## Security\n\n### Security Audits\n\nThird party security audits have been performed by:\n* [Cure53](https:\u002F\u002Fcure53.de) in March 2018. [Full Report](https:\u002F\u002Fcoredns.io\u002Fassets\u002FDNS-01-report.pdf)\n* [Trail of Bits](https:\u002F\u002Fwww.trailofbits.com) in March 2022. [Full Report](https:\u002F\u002Fgithub.com\u002Ftrailofbits\u002Fpublications\u002Fblob\u002Fmaster\u002Freviews\u002FCoreDNS.pdf)\n\n### Reporting security vulnerabilities\n\nIf you find a security vulnerability or any security related issues, please DO NOT file a public\nissue, instead send your report privately to `security@coredns.io`. Security reports are greatly\nappreciated and we will publicly thank you for it.\n\nPlease consult [security vulnerability disclosures and security fix and release process\ndocument](https:\u002F\u002Fgithub.com\u002Fcoredns\u002Fcoredns\u002Fblob\u002Fmaster\u002F.github\u002FSECURITY.md)\n","CoreDNS 是一个用 Go 语言编写的 DNS 服务器，通过插件链来实现功能。其核心功能包括支持多种 DNS 协议（如 UDP\u002FTCP、TLS-DoT、DoH、DoQ 等），能够从文件或 etcd 中加载区域数据，提供动态 DNSSEC 签名，支持缓存和负载均衡等。此外，它还具备与 Kubernetes 集成的能力，以及通过 Prometheus 提供监控指标。适用于需要灵活配置 DNS 功能的场景，尤其是容器化环境和服务发现中。","2026-06-11 03:01:28","top_language"]