[dnsdist] dnsdist v2.0..0 alpha1 error on cert rotation
Remi Gacogne
remi.gacogne at powerdns.com
Thu Apr 24 13:20:39 UTC 2025
Hello Jason,
On 4/16/25 03:39, jlong via dnsdist wrote:
> With dnsdist v2.0.0 alpha1 loading new certs fails in maintenance
> function using two dnscrypt binds. But works when loading new cert for a
> single dnscrypt bind.
Thanks a lot for testing alpha1 and reporting this issue! I have been
able to reproduce it, and Doug Freed correctly spotted that it was
introduced during the refactoring of how frontends and binds are
internally registered. The gist of it is that dnsdist has always been
keeping two separate, internal frontends objects for each DNSCrypt bind
(one for UDP, one for TCP), but after the refactoring getDNSCryptBind()
incorrectly counted frontends objects instead of binds. This should be
fixed once this PR [1] has been merged. I also added a regression test
so that we don't break again in the future.
[1]: https://github.com/PowerDNS/pdns/pull/15463
Thanks again!
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20250424/6cc4b892/attachment.sig>
More information about the dnsdist
mailing list