author Miek Gieben <miek@miek.nl> 2020-09-30 17:17:24 +0200
committer GitHub <noreply@github.com> 2020-09-30 17:17:24 +0200
commit 5235b35e3f321fc1e273c39e19eae71bd0df7fcc
tree 7b588dcdea0d39a453e308f302e8248fbb589144
parent 0cb013657028a559b0e5ebe9fb147989cd925562
doh support: make no TLS config fatal (#4162)

without TLS you can't have a functioning DoH server as no client will be able to talk to it. Make this a fatal failure. Add some extra docs on how to start a DoH capable server.

Signed-off-by: Miek Gieben <miek@miek.nl>

-rw-r--r-- README.md 5
-rw-r--r-- core/dnsserver/server_https.go 3
2 files changed, 7 insertions, 1 deletions
diff --git a/README.md b/README.md
index a8476a7b1..efb5def84 100644
--- a/README.md
+++ b/README.md
@@ -195,13 +195,16 @@ And for DNS over HTTP/2 (DoH) use:
~~~ corefile
https://example.org {
whoami
+ tls mycert mykey
}
~~~
+Note that you must have the *tls* plugin configured as DoH requires that to be setup.
+
Specifying ports works in the same way:
~~~ txt
-grpc://example.org:1443 {
+grpc://example.org:1443 https://example.org:1444 {
# ...
}
~~~
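
Review bot: the ports example now lists `https://example.org:1444`, but its body is still only `# ...`, so a reader who copies that block gets a DoH listener with no *tls* line, which this same commit makes NewServerHTTPS reject with an error. Consider showing `tls mycert mykey` inside that block as well, or moving the added note below it so it covers both examples. In the added note, "setup" should be the verb form "set up".
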
diff --git a/core/dnsserver/server_https.go b/core/dnsserver/server_https.go
index 621bdca24..fb5933815 100644
--- a/core/dnsserver/server_https.go
+++ b/core/dnsserver/server_https.go
@@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
// Should we error if some configs *don't* have TLS?
tlsConfig = conf.TLSConfig
}
+ if tlsConfig == nil {
+ return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin")
+ }
srv := &http.Server{
ReadTimeout: 5 * time.Second,
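
Review bot: the error returned by the new `if tlsConfig == nil` check does not name the listener that failed, although `addr` is in scope as a parameter of NewServerHTTPS; including it in the message would tell the operator which server block lacks the *tls* plugin. The check only fires when tlsConfig is still nil at this point, so the existing comment `// Should we error if some configs *don't* have TLS?` is left unanswered; either update it or state that a group where only some configs carry TLS is accepted. The diffstat lists only README.md and server_https.go, so a test asserting that NewServerHTTPS returns an error when no TLS config is present would be worth adding.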