dnsdist: Enforce that additional addresses are DoT/DoH only

I want to support additional addresses on frontends for all protocols,
but the amount of code to change is too important for the 2.0 branch.
So for now, let's document and enforce the current limitation to prevent
surprises.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
index 3e9291b1bbb87433f41ad79b82037837e19ae00f..184e92aae12eac2f2c60d51c1026f565119455c9 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
+++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
@@ -706,15 +706,20 @@ static void loadBinds(const ::rust::Vec<dnsdist::rust::settings::BindConfigurati
           state->d_tcpConcurrentConnectionsLimit = bind.tcp.max_concurrent_connections;
         }
 
-        for (const auto& addr : bind.additional_addresses) {
-          try {
-            ComboAddress address{std::string(addr)};
-            state->d_additionalAddresses.emplace_back(address, -1);
-          }
-          catch (const PDNSException& e) {
-            errlog("Unable to parse additional address %s for %s bind: %s", std::string(addr), protocol, e.reason);
+        if (protocol == "dot" || protocol == "doh") {
+          for (const auto& addr : bind.additional_addresses) {
+            try {
+              ComboAddress address{std::string(addr)};
+              state->d_additionalAddresses.emplace_back(address, -1);
+            }
+            catch (const PDNSException& e) {
+              errlog("Unable to parse additional address %s for %s bind: %s", std::string(addr), protocol, e.reason);
+            }
           }
         }
+        else if (!bind.additional_addresses.empty()) {
+          throw std::runtime_error("Passing a non-empty additional_addresses value to a " + protocol + " frontend is not supported");
+        }
 
         if (protocol == "dnscrypt") {
 #if defined(HAVE_DNSCRYPT)

diff --git a/pdns/dnsdistdist/dnsdist-settings-definitions.yml b/pdns/dnsdistdist/dnsdist-settings-definitions.yml
index 04a1b13ef224814243b10c8295a7304e13d0a2f4..f61107c0cfce3b6eef88cb9983023fd09887f4e5 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-settings-definitions.yml
+++ b/pdns/dnsdistdist/dnsdist-settings-definitions.yml
@@ -1129,7 +1129,7 @@ bind:
     - name: "additional_addresses"
       type: "Vec<String>"
       default: ""
-      description: "List of additional addresses (with port) to listen on. Using this option instead of creating a new frontend for each address avoids the creation of new thread and Frontend objects, reducing the memory usage. The drawback is that there will be a single set of metrics for all addresses"
+      description: "List of additional addresses (with port) to listen on. Using this option instead of creating a new frontend for each address avoids the creation of new thread and Frontend objects, reducing the memory usage. The drawback is that there will be a single set of metrics for all addresses. This is only supported for DoT and DoH frontends, and therefore passing a non-empty list for other protocols will trigger an error"
     - name: "xsk"
       type: "String"
       default: ""