[dnsdist] dnsdist 1.5.1 doh + options bug ?

Remi Gacogne remi.gacogne at powerdns.com
Tue Oct 6 07:05:52 UTC 2020

Hi Dave,

On 10/6/20 2:14 AM, Dave Knight via dnsdist wrote:
> Hello all,
> Recently started exploring dnsdist and joined the mail list just today.
> I'd been playing with DoT and DoH in 1.4.0 without problems. Since switching to 1.5.0 and now 1.5.1 I have problems with DoH.
> I did some fiddling in the config and found that DoH doesn't work for a listener configured where addDOHLocal has { options }.
> [...]
> addDOHLocal( '[::1]:443',
>             '/etc/ssl/certs/bigalsfancydns.com.pem',
>             '/etc/ssl/private/bigalsfancydns.com.key',
>             { reusePort=True } )

If you look at the documentation for addDOHLocal[1] you'll see that the
fourth parameter is a path, or a list of paths, and not the options that
you are trying to set. These come in the fifth parameter. Basically all
your configurations except for the '4' one do not accept HTTP(S) queries
on any path, hence your issue.

[1]: https://dnsdist.org/reference/config.html#addDOHLocal

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20201006/8f75f3fa/attachment.sig>

More information about the dnsdist mailing list