dnsdist: Document that SNIRule will not work with h2o <= 2.3.0-beta

diff --git a/pdns/dnsdistdist/docs/reference/dq.rst b/pdns/dnsdistdist/docs/reference/dq.rst
index d8f37c51bae6028ef2d3c1502cc48628eeb957b5..c19d6dad9bfbbbb0d46e3eec1a2aa5e6367a2ee5 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/dq.rst
+++ b/pdns/dnsdistdist/docs/reference/dq.rst
@@ -96,7 +96,8 @@ This state can be modified from the various hooks.
 
     .. versionadded:: 1.4.0
 
-    Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any
+    Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any. See :func:`SNIRule`
+    for more information, especially about the availability of SNI over DoH.
 
     :returns: A string containing the TLS SNI value, if any
 

diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst
index 546063d311bc1e4aedfb42ba9379d4a87932d5a7..746776da747a933ef7b5af80ea4b7d3770310d95 100644 (file)
--- a/pdns/dnsdistdist/docs/rules-actions.rst
+++ b/pdns/dnsdistdist/docs/rules-actions.rst
@@ -760,8 +760,10 @@ These ``DNSRule``\ s be one of the following items:
   .. versionadded:: 1.4.0
 
   Matches against the TLS Server Name Indication value sent by the client, if any. Only makes
-  sense for DoT or DoH, and for that last one matching on the HTTP Host header might provide
-  more consistent results.
+  sense for DoT or DoH, and for that last one matching on the HTTP Host header using :func:`HTTPHeaderRule`
+  might provide more consistent results.
+  As of the version 2.3.0-beta of h2o, it is unfortunately not possible to extract the SNI value from DoH
+  connections, and it is therefore necessary to use the HTTP Host header until version 2.3.0 is released.
 
   :param str name: The exact SNI name to match.