doh support: make no TLS config fatal (#4162)

without TLS you can't have a functioning DoH server as no client will be able to talk to it. Make this a fatal failure. Add some extra docs on how to start a DoH capable server. Signed-off-by: Miek Gieben <miek@miek.nl>
author: Miek Gieben <miek@miek.nl> 2020-09-30 17:17:24 +0200
committer: GitHub <noreply@github.com> 2020-09-30 17:17:24 +0200
commit: 5235b35e3f321fc1e273c39e19eae71bd0df7fcc (patch)
tree: 7b588dcdea0d39a453e308f302e8248fbb589144 /core
parent: 0cb013657028a559b0e5ebe9fb147989cd925562 (diff)
download: coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.gz
coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.zst
coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/core/dnsserver/server_https.go b/core/dnsserver/server_https.go
index 621bdca24..fb5933815 100644
--- a/core/dnsserver/server_https.go
+++ b/core/dnsserver/server_https.go
@@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
 		// Should we error if some configs *don't* have TLS?
 		tlsConfig = conf.TLSConfig
 	}
+	if tlsConfig == nil {
+		return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin")
+	}
 
 	srv := &http.Server{
 		ReadTimeout:  5 * time.Second,
author	Miek Gieben <miek@miek.nl>	2020-09-30 17:17:24 +0200
committer	GitHub <noreply@github.com>	2020-09-30 17:17:24 +0200
commit	5235b35e3f321fc1e273c39e19eae71bd0df7fcc (patch)
tree	7b588dcdea0d39a453e308f302e8248fbb589144 /core
parent	0cb013657028a559b0e5ebe9fb147989cd925562 (diff)
download	coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.gz coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.tar.zst coredns-5235b35e3f321fc1e273c39e19eae71bd0df7fcc.zip