[dnsdist] DoH and DoT on the same IP:port via different SNIs? (was: dnsdist 1.4.0-beta1 released)

Remi Gacogne remi.gacogne at powerdns.com
Tue Jun 11 13:14:47 UTC 2019


Hi Christoph,

On 6/7/19 9:56 PM, Christoph wrote:
>> This version [...] adds a new rule to route queries based on the
>> incoming TLS Server Name Indication (SNI) value. 
> 
> Is this the first step towards supporting DoH and DoT on a single
> IP:port and dnsdist will tell them apart via SNI?
> 
> dot.example.com:443
> 
> doh.example.com:443
> 
> (both would resolve to the same IP)

It's a very nice idea, but I'm afraid it's unlikely to happen due to the
fact that we use libh2o to handle incoming connections on DoH ports and
not on DoT ones, so it would be hard to mix them.


Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
