[dnsdist] addDOHLocal has 'urls' parameter, but addDOH3Local has not?
Remi Gacogne
remi.gacogne at powerdns.com
Thu Oct 2 12:05:24 UTC 2025
On 10/2/25 12:18, Marco Davids (SIDN) via dnsdist wrote:
> Got it and that makes sense. Maybe worth updating the docs to mention
> this important detail?
Oh, yeah, that makes sense indeed!
> But isn't the urls parameter needed to make that work?
It is needed because dnsdist will discard everything that is not allowed
by "urls" for DoH, even before processing the response maps. One option
is to configure urls to allow everything below "/".
> Since newDOHResponseMapEntry accepts a regex I was wondering...
>
> Wouldn't it be cool if we could reference the match from a regex (e.g.
> $1) in the content string, if at all possible to do?
>
> That way, we could use the dynamic part of the URL (e.g. the token in an
> ACME challenge request) in a response.
>
> Like this for example:
>
> `^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$`
>
> content string:
>
> https://example.nl/.well-known/acme-challenge/$1
>
> Perhaps there are other possible use cases as well.
>
> Hope that makes sense.
It does! Would you mind opening a feature request on our GitHub for that
so we don't forget? We'll have a look when we get to implementing
response maps for DoH3.
Cheers,
--
Remi
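
The interaction between "urls" and the response maps described in the reply above, as an added configuration sketch that is not part of the original message or the dnsdist project's own examples. The listen address, certificate and key paths, token and content string are constructed placeholders, and the use of the documented `exactPathMatching` option so that "/" also covers sub-paths is an assumption about how "allow everything below /" would be configured.

```lua
-- dnsdist.conf fragment (Lua). All file paths, addresses and the token
-- below are constructed placeholders.

-- "urls" is checked first: a request whose path is not allowed here is
-- discarded before the response map is consulted. Listing only "/" and
-- turning off exact path matching (assumption, see lead-in) lets paths
-- such as /.well-known/... reach the response map.
addDOHLocal(
  '192.0.2.53:443',
  '/etc/dnsdist/tls/fullchain.pem',   -- placeholder certificate
  '/etc/dnsdist/tls/privkey.pem',     -- placeholder key
  { '/' },
  { exactPathMatching = false }
)

-- Response map: the content string is static. As discussed in the thread,
-- a regex capture (e.g. $1) cannot be referenced in it, so the token is
-- spelled out literally in the pattern.
local map = {
  newDOHResponseMapEntry(
    '^/\\.well-known/acme-challenge/TOKEN-PLACEHOLDER$',
    200,
    'TOKEN-PLACEHOLDER.KEY-THUMBPRINT-PLACEHOLDER'
  )
}

-- Attach the map to the first DoH frontend defined above.
local dohFE = getDOHFrontend(0)
dohFE:setResponsesMap(map)
```

Widening "urls" to "/" means every path is accepted by the DoH frontend, so anything not matched by a map entry is handled as an ordinary DoH request; keep the map patterns anchored with `^` and `$` so only the intended paths return static content.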