From: Remi Gacogne Date: Thu, 8 Feb 2024 13:42:47 +0000 (+0100) Subject: dnsdist: Document certs/keys reloading for DoQ and DoH3 X-Git-Tag: dnsdist-1.9.0~6^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1cfb3a10d68a661f3173447b5f43f71954fc19d;p=thirdparty%2Fpdns.git dnsdist: Document certs/keys reloading for DoQ and DoH3 --- diff --git a/pdns/dnsdistdist/docs/advanced/tls-certificates-management.rst b/pdns/dnsdistdist/docs/advanced/tls-certificates-management.rst index 02d335c9f7..af7d91d37f 100644 --- a/pdns/dnsdistdist/docs/advanced/tls-certificates-management.rst +++ b/pdns/dnsdistdist/docs/advanced/tls-certificates-management.rst @@ -26,7 +26,7 @@ which returns a :class:`TLSCertificate` object, which can then be passed to :fun .. code-block:: lua - newTLSCertificate("path/to/domain.p12", {password="passphrase"}) -- use a password protected PKCS12 file + myCertObject = newTLSCertificate("path/to/domain.p12", {password="passphrase"}) -- use a password protected PKCS12 file Reloading certificates ---------------------- @@ -48,6 +48,18 @@ The second allows a finer-grained, per-bind, approach: frontend:reloadCertificates() end + -- reload certificates and keys for DoQ binds: + for idx = 0, getDOQFrontendCount() - 1 do + frontend = getDOQFrontend(idx) + frontend:reloadCertificates() + end + + -- reload certificates and keys for DoH3 binds: + for idx = 0, getDOH3FrontendCount() - 1 do + frontend = getDOH3Frontend(idx) + frontend:reloadCertificates() + end + TLS sessions ------------ diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index 1c84e10d6c..8cf4b8370f 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst 
@@ -1120,13 +1120,37 @@ Status, Statistics and More .. versionadded:: 1.4.0 - Return the DOHFrontend object for the DNS over HTTPS bind of index ``idx``. + Return the :class:`DOHFrontend` object for the DNS over HTTPS bind of index ``idx``. .. function:: getDOHFrontendCount() .. versionadded:: 1.5.0 - Return the number of DOHFrontend binds. + Return the number of :class:`DOHFrontend` binds. + +.. function:: getDOH3Frontend(idx) + + .. versionadded:: 1.9.0 + + Return the :class:`DOH3Frontend` object for the DNS over HTTP3 bind of index ``idx``. + +.. function:: getDOH3FrontendCount() + + .. versionadded:: 1.9.0 + + Return the number of :class:`DOH3Frontend` binds. + +.. function:: getDOQFrontend(idx) + + .. versionadded:: 1.9.0 + + Return the :class:`DOQFrontend` object for the DNS over QUIC bind of index ``idx``. + +.. function:: getDOQFrontendCount() + + .. versionadded:: 1.9.0 + + Return the number of :class:`DOQFrontend` binds. .. function:: getListOfAddressesOfNetworkInterface(itf) @@ -2212,6 +2236,32 @@ DOHFrontend :param str content: The content of the HTTP response, or a URL if the status is a redirection (3xx). :param table of headers: The custom headers to set for the HTTP response, if any. The default is to use the value of the ``customResponseHeaders`` parameter passed to :func:`addDOHLocal`. +DOH3Frontend +~~~~~~~~~~~ + +.. class:: DOH3Frontend + + .. versionadded:: 1.9.0 + + This object represents an address and port dnsdist is listening on for DNS over HTTP3 queries. + + .. method:: DOH3Frontend:reloadCertificates() + + Reload the current TLS certificate and key pairs. + +DOQFrontend +~~~~~~~~~~~ + +.. class:: DOQFrontend + + .. versionadded:: 1.9.0 + + This object represents an address and port dnsdist is listening on for DNS over QUIC queries. + + .. method:: DOQFrontend:reloadCertificates() + + Reload the current TLS certificate and key pairs. + LuaRingEntry ~~~~~~~~~~~~
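Review bot: in tls-certificates-management.rst, the DoQ and DoH3 loops added to the per-bind reload example carry no version note, although config.rst in this same patch marks getDOQFrontend(), getDOQFrontendCount(), getDOH3Frontend() and getDOH3FrontendCount() as added in 1.9.0. A reader copying the whole example onto an older release gets no hint that these calls are unavailable there. Suggest a short comment such as "-- DoQ and DoH3 binds require dnsdist 1.9.0 or later" above the two new loops. A smaller style point in the same hunk: "frontend = getDOQFrontend(idx)" and "frontend = getDOH3Frontend(idx)" assign a global inside the loop body; "local frontend = ..." would keep the example from leaking a name into the configuration's global scope.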
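Review bot: in the config.rst hunk at @@ -1120,13 +1120,37 @@, the new getDOH3Frontend(idx) and getDOQFrontend(idx) entries do not say that ``idx`` is zero-based or what is returned when it is out of range. The reload example in tls-certificates-management.rst iterates from 0 to count - 1, so the reference text should state the same convention, and document the out-of-range result so that a reload script can tell a missing bind from a successful lookup. Also, "DNS over HTTP3" in the two DoH3 descriptions would read better as "DNS over HTTP/3", matching the protocol's usual spelling.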
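Review bot: in the config.rst hunk at @@ -2212,6 +2236,32 @@, the underline under the new "DOH3Frontend" heading is one character shorter than the title (the same length as the one under "DOQFrontend", which has one letter fewer), which docutils reports as "Title underline too short" and which fails a documentation build that treats warnings as errors. Extend it by one "~". In the same hunk, both reloadCertificates() descriptions say only "Reload the current TLS certificate and key pairs."; it would help operators to state what happens when the files on disk cannot be loaded, in particular whether the bind keeps serving with the previously loaded certificate and key.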