acl

acl enforces access control policies on source ip and prevents unauthorized access to DNS servers.

Source

any

any gives a minimal response to ANY queries.

Source

auto

auto enables serving zone data from an RFC 1035-style master file, which is automatically picked up from disk.

Source

autopath

autopath allows for server-side search path completion.

Source

azure

azure enables serving zone data from Microsoft Azure DNS service.

Source

bind

bind overrides the host to which the server should bind.

Source

bufsize

bufsize limits EDNS0 buffer size to prevent IP fragmentation.

Source

cache

cache enables a frontend cache.

Source

cancel

cancel cancels a request’s context after 5001 milliseconds.

Source

chaos

chaos allows for responding to TXT queries in the CH class.

Source

clouddns

clouddns enables serving zone data from GCP Cloud DNS.

Source

debug

debug disables the automatic recovery upon a crash so that you’ll get a nice stack trace.

Source

dns64

dns64 enables DNS64 IPv6 transition mechanism.

Source

dnssec

dnssec enables on-the-fly DNSSEC signing of served data.

Source

dnstap

dnstap enables logging to dnstap.

Source

erratic

erratic a plugin useful for testing client behavior.

Source

errors

errors enables error logging.

Source

etcd

etcd enables SkyDNS service discovery from etcd.

Source

file

file enables serving zone data from an RFC 1035-style master file.

Source

forward

forward facilitates proxying DNS messages to upstream resolvers.

Source

geoip

geoip Lookup maxmind geoip2 databases using the client IP, then add associated geoip data to the context request.

Source

grpc

grpc facilitates proxying DNS messages to upstream resolvers via gRPC protocol.

Source

header

header modifies the header for queries and responses.

Source

hosts

hosts enables serving zone data from a /etc/hosts style file.

Source

health

health enables a health check endpoint.

Source

import

import includes files or references snippets from a Corefile.

Source

k8s_external

k8s_external resolves load balancer, external IPs from outside Kubernetes clusters and if enabled headless services.

Source

kubernetes

kubernetes enables reading zone data from a Kubernetes cluster.

Source

local

local respond to local names.

Source

loadbalance

loadbalance randomizes the order of A, AAAA and MX records.

Source

loop

loop detects simple forwarding loops and halts the server.

Source

metadata

metadata enables a metadata collector.

Source

log

log enables query logging to standard output.

Source

nsid

nsid adds an identifier of this server to each reply.

Source

minimal

minimal minimizes size of the DNS response message whenever possible.

Source

pprof

pprof publishes runtime profiling data at endpoints under /debug/pprof.

Source

ready

ready enables a readiness check HTTP endpoint.

Source

prometheus

prometheus enables Prometheus metrics.

Source

root

root simply specifies the root of where to find (zone) files.

Source

reload

reload allows automatic reload of a changed Corefile.

Source

rewrite

rewrite performs internal message rewriting.

Source

route53

route53 enables serving zone data from AWS route53.

Source

sign

sign adds DNSSEC records to zone files.

Source

secondary

secondary enables serving a zone retrieved from a primary server.

Source

whoami

whoami returns your resolver’s local IP address, port and transport.

Source

template

template allows for dynamic responses based on the incoming query.

Source

timeouts

timeouts allows you to configure the server read, write and idle timeouts for the TCP, TLS and DoH servers.

Source

tls

tls allows you to configure the server certificates for the TLS, gRPC, DoH servers.

Source

trace

trace enables OpenTracing-based tracing of DNS requests as they go through the plugin chain.

Source

transfer

transfer perform (outgoing) zone transfers for other plugins.

Source

tsig

tsig define TSIG keys, validate incoming TSIG signed requests and sign responses.

Source

view

view defines conditions that must be met for a DNS request to be routed to the server block.

Source