Closed
Description
What happened:
cache plugin mutates responses from other plugins:
https://github.com/coredns/coredns/blob/master/plugin/cache/cache.go#L216-L228
The behavior seems to be against the plugin guideline.
In our environment the cache plugin is used to cache responses from the file plugin, and we observe that over time the TTL of almost all of the responses drops to MinTTL (5s).
```
# Correct/expected response:
oleg@iad8a-rp7-41a:~$ sudo service coredns restart
oleg@iad8a-rp7-41a:~$ dig iad8a-rn8-19a.sjc.dropbox.com. @localhost +noall +answer +authority
iad8a-rn8-19a.sjc.dropbox.com. 3600 IN A 10.72.175.30
sjc.dropbox.com. 3600 IN NS ns1-pdx3a.dbxnw.net.
sjc.dropbox.com. 3600 IN NS ns1-dfw5a.dbxnw.net.
sjc.dropbox.com. 3600 IN NS ns1-iad8a.dbxnw.net.

# Restart coredns and resolve another record with low TTL (which lowers TTL for NS record):
oleg@iad8a-rp7-41a:~$ sudo service coredns restart
oleg@iad8a-rp7-41a:~$ dig proxy-batch.sjc.dropbox.com @127.0.0.1 +noall +answer +authority
proxy-batch.sjc.dropbox.com. 60 IN CNAME proxy-batch-iad.vip.dbxnw.net.
proxy-batch-iad.vip.dbxnw.net. 60 IN A 10.220.0.1
proxy-batch-iad.vip.dbxnw.net. 60 IN A 10.220.21.6
sjc.dropbox.com. 60 IN NS ns1-pdx3a.dbxnw.net.
sjc.dropbox.com. 60 IN NS ns1-dfw5a.dbxnw.net.
sjc.dropbox.com. 60 IN NS ns1-iad8a.dbxnw.net.

# And resolve the same record as in first step again: it's returned with lower TTL:
oleg@iad8a-rp7-41a:~$ dig iad8a-rn8-19a.sjc.dropbox.com. @localhost +noall +answer +authority
iad8a-rn8-19a.sjc.dropbox.com. 60 IN A 10.72.175.30
sjc.dropbox.com. 60 IN NS ns1-pdx3a.dbxnw.net.
sjc.dropbox.com. 60 IN NS ns1-dfw5a.dbxnw.net.
sjc.dropbox.com. 60 IN NS ns1-iad8a.dbxnw.net.
```
What you expected to happen:
cache plugin does not mutate state of other plugins
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
- the version of CoreDNS: v1.12.1
- Corefile:

```
(main_config) {
    import local_zones
    import internal_zones
    import record_overrides
    delegate
    forward . 127.0.0.1:{$UNBOUND_PORT} # Forward everything else to our recursive resolver
    dnstap tcp://127.0.0.1:{$DNSTAP_PORT} full
}
.:{$COREDNS_PORT} {
    import main_config
    ready localhost:{$COREDNS_READY_PORT}
    cache {
        success 500
        keepttl
    }
}
```
- logs, if applicable: -
- OS (e.g: `cat /etc/os-release`):

```
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04 LTS"
```
- Others: coredns is built from source code
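The aliasing described in this report, as an added example that is not part of the original issue and is not CoreDNS code. `RR`, `capTTL` and `replay` are hypothetical names, and the rule "cap every record to the response's minimum TTL" is an assumption inferred from the `dig` output above. It replays the two queries from the report against one in-memory zone, first writing TTLs through the shared record pointers and then writing them to copies.

```go
package main

import "fmt"

// RR is a minimal stand-in for a DNS resource record (hypothetical type).
type RR struct {
	Name, Type string
	TTL        uint32
}

// capTTL sets every TTL in resp to the response's minimum TTL (assumed rule).
// dup=false writes through the pointers shared with the zone; dup=true
// writes to copies and leaves the upstream plugin's records untouched.
func capTTL(resp []*RR, dup bool) []*RR {
	ttl := resp[0].TTL
	for _, r := range resp {
		if r.TTL < ttl {
			ttl = r.TTL
		}
	}
	out := make([]*RR, len(resp))
	for i, r := range resp {
		if dup {
			c := *r
			r = &c
		}
		r.TTL = ttl
		out[i] = r
	}
	return out
}

// replay answers the low-TTL CNAME query first, then the A query, and returns
// the TTL served for the A record and the TTL left in the zone (constructed data).
func replay(dup bool) (served, stored uint32) {
	a := &RR{"iad8a-rn8-19a.sjc.dropbox.com.", "A", 3600}
	ns := &RR{"sjc.dropbox.com.", "NS", 3600}
	cname := &RR{"proxy-batch.sjc.dropbox.com.", "CNAME", 60}
	capTTL([]*RR{cname, ns}, dup)       // NS shares a response with a 60s record
	resp := capTTL([]*RR{a, ns}, dup)   // A now shares a response with that NS
	return resp[0].TTL, a.TTL
}

func main() {
	fmt.Println(replay(false)) // in place: zone data is poisoned
	fmt.Println(replay(true))  // on copies: zone data is preserved
}
```

With in-place writes the NS record keeps the lowered TTL after the first response, so every later response that includes it is capped too, which matches the gradual drift the report observes.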