From a6f943246d62b48631b2a8ba393909cea95997e3 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Thu, 5 Mar 2020 15:28:56 +0100
Subject: [PATCH] dnsdist: Change the default DoH path from / to /dns-query
---
 pdns/dnsdist-lua.cc | 2 +-
 pdns/dnsdistdist/docs/reference/config.rst | 3 ++-
 pdns/dnsdistdist/docs/upgrade_guide.rst | 2 +-
 regression-tests.dnsdist/test_DOH.py | 4 ++--
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 9e104868d5..2499e56045 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1862,7 +1862,7 @@ static void setupLuaConfig(bool client, bool configCheck)
 } } else {
- frontend->d_urls = {"/"};
+ frontend->d_urls = {"/dns-query"};
 }
 bool reusePort = false;
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index 7b2d484171..8599e10f3c 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -110,6 +110,7 @@ Listen Sockets
 .. versionchanged:: 1.5.0 ``sendCacheControlHeaders``, ``sessionTimeout`` options added.
+ ``url`` now defaults to ``/dns-query`` instead of ``/``
 Listen on the specified address and TCP port for incoming DNS over HTTPS connections, presenting the specified X.509 certificate. If no certificate (or key) files are specified, listen for incoming DNS over HTTP connections instead.
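Review bot: The new default `frontend->d_urls = {"/dns-query"};` in the `else` branch of setupLuaConfig (pdns/dnsdist-lua.cc) is a bare literal with no comment, even though the same value is now repeated in config.rst and test_DOH.py. A comment such as `// default DoH path when no urls are given; keep in sync with docs/reference/config.rst` would make that coupling visible to the next person who touches it. This branch appears to be the one taken when `addDOHLocal` is called without `urls`, so existing frontends that relied on `/` will presumably stop answering those clients after upgrade; the upgrade guide covers it, but a startup log line listing the effective paths would make the failure easier to diagnose. The enclosing `if`/`else` and the function itself start and end outside the hunk.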
@@ -118,7 +119,7 @@ Listen Sockets
 The default port is 443.
 :param str certFile(s): The path to a X.509 certificate file in PEM format, or a list of paths to such files.
 :param str keyFile(s): The path to the private key file corresponding to the certificate, or a list of paths to such files, whose order should match the certFile(s) ones.
- :param str-or-list urls: A base URL, or a list of base URLs, to accept queries on. Any query with a path under one of these will be treated as a DoH query. The default is /.
+ :param str-or-list urls: A base URL, or a list of base URLs, to accept queries on. Any query with a path under one of these will be treated as a DoH query. The default is /dns-query.
 :param table options: A table with key: value pairs with listen options.
 Options:
diff --git a/pdns/dnsdistdist/docs/upgrade_guide.rst b/pdns/dnsdistdist/docs/upgrade_guide.rst
index d7349f7249..b5e62f02ab 100644
--- a/pdns/dnsdistdist/docs/upgrade_guide.rst
+++ b/pdns/dnsdistdist/docs/upgrade_guide.rst
@@ -4,7 +4,7 @@ Upgrade Guide
 1.4.0 to 1.5.x
 --------------
-DOH endpoints specified in the fourth parameter of :func:`addDOHLocal` are now specified as exact URLs instead of path prefixes```
+DOH endpoints specified in the fourth parameter of :func:`addDOHLocal` are now specified as exact URLs instead of path prefixes. The default endpoint also switched from ``/`` to ``/dns-query``.
 For example, ``addDOHLocal('2001:db8:1:f00::1', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key', { "/dns-query" })`` will now only accept queries for ``/dns-query`` and no longer for ``/dns-query/foo/bar``.
 The systemd service-file that is installed no longer uses the ``root`` user to start. It uses the user and group set with the ``--with-service-user`` and ``--with-service-group`` switches during
diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py
index ec60470bda..f7d2f4f3c8 100644
--- a/regression-tests.dnsdist/test_DOH.py
+++ b/regression-tests.dnsdist/test_DOH.py
@@ -720,7 +720,7 @@ class TestDOHOverHTTP(DNSDistDOHTest):
 _dohServerPort = 8480
 _serverName = 'tls.tests.dnsdist.org'
- _dohBaseURL = ("http://%s:%d/" % (_serverName, _dohServerPort))
+ _dohBaseURL = ("http://%s:%d/dns-query" % (_serverName, _dohServerPort))
 _config_template = """
 newServer{address="127.0.0.1:%s"}
 addDOHLocal("127.0.0.1:%s")
@@ -788,7 +788,7 @@ class TestDOHWithCache(DNSDistDOHTest):
 _serverName = 'tls.tests.dnsdist.org'
 _caCert = 'ca.pem'
 _dohServerPort = 8443
- _dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
+ _dohBaseURL = ("https://%s:%d/dns-query" % (_serverName, _dohServerPort))
 _config_template = """
 newServer{address="127.0.0.1:%s"}
-- 
2.47.2
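Review bot: TestDOHOverHTTP is the class whose template calls `addDOHLocal("127.0.0.1:%s")` without `urls`, so after this change it only proves that `/dns-query` answers; nothing in either test_DOH.py hunk checks that the old default `/` is no longer served. I would keep the old URL next to the new one, e.g. `_dohLegacyBaseURL = ("http://%s:%d/" % (_serverName, _dohServerPort))`, and add a test that queries it and expects an HTTP error instead of a DNS answer. The same substitution in TestDOHWithCache needs nothing extra if its frontend sets `urls` explicitly, which is not visible here because the config template continues outside the hunk. Both class bodies start and end outside the hunks.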