Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-30 17:53:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

doh support: make no TLS config fatal (#4162)

Browse Source 
without TLS you can't have a functioning DoH server as no client will be
able to talk to it. Make this a fatal failure.

Add some extra docs on how to start a DoH capable server.

Signed-off-by: Miek Gieben <miek@miek.nl>
This commit is contained in:
Miek Gieben
2020-09-30 17:17:24 +02:00
committed by GitHub
parent 0cb0136570
commit 5235b35e3f
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@@ -195,13 +195,16 @@ And for DNS over HTTP/2 (DoH) use:
~~~ corefile ~~~ corefile
https://example.org { https://example.org {
whoami whoami
tls mycert mykey
} }
~~~ ~~~
Note that you must have the *tls* plugin configured as DoH requires that to be setup.
Specifying ports works in the same way: Specifying ports works in the same way:
~~~ txt ~~~ txt
grpc://example.org:1443 { grpc://example.org:1443 https://example.org:1444 {
# ... # ...
} }
~~~ ~~~

3
core/dnsserver/server_https.go
View File

@@ -38,6 +38,9 @@ func NewServerHTTPS(addr string, group []*Config) (*ServerHTTPS, error) {
// Should we error if some configs *don't* have TLS? // Should we error if some configs *don't* have TLS?
tlsConfig = conf.TLSConfig tlsConfig = conf.TLSConfig
} }
if tlsConfig == nil {
return nil, fmt.Errorf("DoH requires TLS to be configured, see the tls plugin")
}
srv := &http.Server{ srv := &http.Server{
ReadTimeout: 5 * time.Second, ReadTimeout: 5 * time.Second,