[Pdns-users] package build instructions

Remi Gacogne remi.gacogne at powerdns.com
Mon Oct 9 14:37:11 UTC 2023


Hi Alex,

On 09/10/2023 16:21, Alex Pavlov via Pdns-users wrote:
> Meanwhile, I have one question about the DoH & DoT implementation in DNSDIST 1.5 and higher.
> It is written in the documentation: "...like CertBot, set permissions assuming that services are started as root, which is no longer true for dnsdist as of 1.5.0. For that particular case, making a copy of the necessary files in the /etc/dnsdist directory is advised, using for example CertBot's --deploy-hook feature to copy the files with the right permissions after a renewal."
> 
> So I set up my CertBot with --deploy-hook, which copies the certs into /etc/dnsdist and then does the proper chmod and chown on the files so dnsdist is able to read them. That is done and works fine... however, it raises one more question: when the certs expire (after each 90-day period) and my CertBot does "certbot renew", it replaces the cert files in /etc/dnsdist and changes permissions.
> Does the DNSDIST process detect that the files changed and serve DoH|DoT from the new cert files?
> Or do I need to add one more command in --deploy-hook to restart DNSDIST if the certs changed (like: "systemctl restart dnsdist")?

No, dnsdist doesn't monitor whether the certificate file changes on 
disk. You can either use the console to issue a 
'reloadAllCertificates()' command which will reload all certificates and 
keys without interruption, or restart dnsdist.

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
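
The workflow discussed in this thread, as an added example that is not part of the original message and is not PowerDNS's own code: a CertBot deploy hook that copies the renewed files into /etc/dnsdist with restrictive permissions and then issues `reloadAllCertificates()` over the console. The destination file names, the `dnsdist:dnsdist` owner and a working console configuration (`controlSocket` and `setKey` in dnsdist.conf) are assumptions.

```shell
#!/bin/sh
# Added example: certbot --deploy-hook for dnsdist.
# Assumptions: target file names under /etc/dnsdist, a "dnsdist" user and group,
# and controlSocket/setKey configured so the console client can connect.
DEST_DIR="${DEST_DIR:-/etc/dnsdist}"
CERT_OWNER="${CERT_OWNER:-dnsdist:dnsdist}"

# Copy $1 to $2 with mode $3. The data goes into a 0600 temp file in the
# target directory and is renamed into place, so the key is never readable
# by others and dnsdist never sees a half-written file.
install_atomic() {
    src=$1; dst=$2; mode=$3
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    if cat "$src" > "$tmp" && chown "$CERT_OWNER" "$tmp" &&
       chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Install the certificate chain and private key from a certbot lineage directory.
deploy_lineage() {
    install_atomic "$1/fullchain.pem" "$DEST_DIR/fullchain.pem" 0644 &&
    install_atomic "$1/privkey.pem" "$DEST_DIR/privkey.pem" 0600
}

# Reload certificates and keys without interruption via the console;
# the alternative is "systemctl restart dnsdist".
reload_dnsdist() {
    dnsdist -e 'reloadAllCertificates()'
}

# certbot exports RENEWED_LINEAGE when it runs a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_lineage "$RENEWED_LINEAGE" && reload_dnsdist
fi
```
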
