From def4733d1eb32c80ccc79f7f6ed39ab7be49f33f Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Mon, 30 Jun 2025 15:15:46 +0200
Subject: [PATCH] dnsdist: Error on unsupported backend protocols from YAML

Signed-off-by: Remi Gacogne
---
 pdns/dnsdistdist/dnsdist-configuration-yaml.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
index e2010a71ab..3cb801547d 100644
--- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
+++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
@@ -448,6 +448,17 @@ static std::shared_ptr createBackendFromConfiguration(const dns
 const auto& tlsConf = config.tls;
 auto protocol = boost::to_lower_copy(std::string(config.protocol));
 if (protocol == "dot" || protocol == "doh") {
+#if !defined(HAVE_DNS_OVER_TLS)
+ if (protocol == "dot") {
+ throw std::runtime_error("Backend " + std::string(config.address) + " is configured to use DNS over TLS but DoT support is not available");
+ }
+#endif /* HAVE_DNS_OVER_TLS */
+#if !defined(HAVE_DNS_OVER_HTTPS)
+ if (protocol == "doh") {
+ throw std::runtime_error("Backend " + std::string(config.address) + " is configured to use DNS over HTTPS but DoH support is not available");
+ }
+#endif /* HAVE_DNS_OVER_HTTPS */
+
 backendConfig.d_tlsParams.d_provider = std::string(tlsConf.provider);
 backendConfig.d_tlsParams.d_ciphers = std::string(tlsConf.ciphers);
 backendConfig.d_tlsParams.d_ciphers13 = std::string(tlsConf.ciphers_tls_13);
-- 
2.47.2
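Review bot: The added guards fire only for the exact strings `dot` and `doh`, so a mistyped or unrecognised `protocol` value still skips the whole `if (protocol == "dot" || protocol == "doh")` branch, and nothing visible in the hunk rejects it. createBackendFromConfiguration continues outside the hunk; if it then builds a plain-DNS backend, the operator gets unencrypted upstream traffic with no error, which is the kind of silent downgrade this commit closes for the compiled-out case. Unless the settings parser already restricts the field to a fixed set, consider closing the branch with `else if (protocol != PLAIN_DNS_NAME) { throw std::runtime_error("Backend " + std::string(config.address) + " is configured with an unknown protocol: " + protocol); }`, where `PLAIN_DNS_NAME` is a placeholder for whatever spelling the YAML schema accepts for plain DNS. A short comment above the two `#if` blocks, such as `// Fail at load time rather than start a backend without the transport encryption the operator asked for`, would record why these are hard errors.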