doh support: make no TLS config fatal (#4162)
without TLS you can't have a functioning DoH server as no client will be able to talk to it. Make this a fatal failure.

Add some extra docs on how to start a DoH capable server.

Signed-off-by: Miek Gieben <miek@miek.nl>
parent
0cb0136570
commit
5235b35e3f
2 changed files with 7 additions and 1 deletions
|
@ -195,13 +195,16 @@ And for DNS over HTTP/2 (DoH) use:
|
||||||
~~~ corefile
|
~~~ corefile
|
||||||
https://example.org {
|
https://example.org {
|
||||||
whoami
|
whoami
|
||||||
|
tls mycert mykey
|
||||||
}
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
Note that you must have the *tls* plugin configured as DoH requires that to be setup.
|
||||||
|
|
||||||
Specifying ports works in the same way:
|
Specifying ports works in the same way:
|
||||||
|
|
||||||
~~~ txt
|
~~~ txt
|
||||||
grpc://example.org:1443 {
|
grpc://example.org:1443 https://example.org:1444 {
|
||||||
# ...
|
# ...
|
||||||
}
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
|
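Review bot: The ports example now lists `https://example.org:1444` in a block whose body is only `# ...`, so a reader who copies it gets a DoH server block with no *tls* line, which is exactly the case this commit turns into a startup failure. Either put a `tls mycert mykey` line in that example, as in the DoH example above it, or say next to it that the `# ...` must include *tls*. The added note would also be more useful if it stated the consequence (the server refuses to start without *tls*), and "to be setup" should read "to be set up".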
@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
|
||||||
// Should we error if some configs *don't* have TLS?
|
// Should we error if some configs *don't* have TLS?
|
||||||
tlsConfig = conf.TLSConfig
|
tlsConfig = conf.TLSConfig
|
||||||
}
|
}
|
||||||
|
if tlsConfig == nil {
|
||||||
|
return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin")
|
||||||
|
}
|
||||||
|
|
||||||
srv := &http.Server{
|
srv := &http.Server{
|
||||||
ReadTimeout: 5 * time.Second,
|
ReadTimeout: 5 * time.Second,
|
||||||
|
|
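Review bot: The new `if tlsConfig == nil` check in `NewServerHTTPS` runs after the assignment `tlsConfig = conf.TLSConfig` and only looks at the value that is left at that point, so the question in the comment directly above it ("Should we error if some configs *don't* have TLS?") is still unanswered for a group where only some configs carry TLS. Decide that case here and update or remove the comment so it matches the new behaviour. The error text would also be easier to act on if it included `addr`, which the function already receives, so an operator with several `https://` server blocks can tell which one is missing *tls*. The commit touches only two files, the README and this one, so the new failure path has no test; a case that calls `NewServerHTTPS` with a config lacking TLS and expects an error would cover it.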