diff options
author | 2020-09-30 17:17:24 +0200 | |
---|---|---|
committer | 2020-09-30 17:17:24 +0200 | |
commit | 5235b35e3f321fc1e273c39e19eae71bd0df7fcc (patch) | |
tree | 7b588dcdea0d39a453e308f302e8248fbb589144 | |
parent | 0cb013657028a559b0e5ebe9fb147989cd925562 (diff) | |
download | coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.gz coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.zst coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.zip |
doh support: make no TLS config fatal (#4162)
without TLS you can't have a functioning DoH server as no client will be
able to talk to it. Make this a fatal failure.
Add some extra docs on how to start a DoH capable server.
Signed-off-by: Miek Gieben <miek@miek.nl>
-rw-r--r-- | README.md | 5 | ||||
-rw-r--r-- | core/dnsserver/server_https.go | 3 |
2 files changed, 7 insertions, 1 deletions
@@ -195,13 +195,16 @@ And for DNS over HTTP/2 (DoH) use: ~~~ corefile https://example.org { whoami + tls mycert mykey } ~~~ +Note that you must have the *tls* plugin configured as DoH requires that to be setup. + Specifying ports works in the same way: ~~~ txt -grpc://example.org:1443 { +grpc://example.org:1443 https://example.org:1444 { # ... } ~~~ diff --git a/core/dnsserver/server_https.go b/core/dnsserver/server_https.go index 621bdca24..fb5933815 100644 --- a/core/dnsserver/server_https.go +++ b/core/dnsserver/server_https.go @@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) { // Should we error if some configs *don't* have TLS? tlsConfig = conf.TLSConfig } + if tlsConfig == nil { + return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin") + } srv := &http.Server{ ReadTimeout: 5 * time.Second, |