From: Bagas Sanjaya Date: Wed, 2 Jul 2025 23:31:21 +0000 (+0700) Subject: dnsdist: Add YAML version of DoT configurations X-Git-Tag: rec-5.3.0-alpha2~12^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F15768%2Fhead;p=thirdparty%2Fpdns.git dnsdist: Add YAML version of DoT configurations Convert incoming and outgoing DoT lua snippets to YAML format. Signed-off-by: Bagas Sanjaya --- diff --git a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst index 1eaf00f898..48815bbed3 100644 --- a/pdns/dnsdistdist/docs/guides/dns-over-tls.rst +++ b/pdns/dnsdistdist/docs/guides/dns-over-tls.rst @@ -12,6 +12,18 @@ Adding a listen port for DNS-over-TLS can be done with the :func:`addTLSLocal` f addTLSLocal('192.0.2.55', '/etc/ssl/certs/example.com.pem', '/etc/ssl/private/example.com.key') +Or in ``yaml``: + +.. code-block:: yaml + + binds: + - listen_address: "192.0.2.55" + protocol: "DoT" + tls: + certificates: + - certificate: "/etc/ssl/certs/example.com.pem" + key: "/etc/ssl/certs/example.com.key" + This will make :program:`dnsdist` listen on 192.0.2.55:853 on TCP, and will use the provided certificate and key to serve incoming TLS connections. In order to support multiple certificates and keys, for example an ECDSA and an RSA one, the following syntax may be used instead:: @@ -46,6 +58,17 @@ Such that support can be enabled via the ``tls`` parameter of the :func:`newServ newServer({address="[2001:DB8::1]:853", tls="openssl", subjectName="dot.powerdns.com", validateCertificates=true}) +The same backend configuration in ``yaml``: + +.. code-block:: yaml + + backends: + - address: "[2001:DB8::1]:853" + protocol: "DoT" + tls: + - provider: "OpenSSL" + subject_name: "dot.powerdns.com" + validate_certificate: true Investigating issues --------------------
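Review bot: in the first hunk the `binds` YAML block points the key at `key: "/etc/ssl/certs/example.com.key"`, while the Lua `addTLSLocal` call directly above it uses `/etc/ssl/private/example.com.key`; the two examples should reference the same files, and the private key is better kept under `/etc/ssl/private` (normally not world-readable) than alongside the public certificate, so suggest changing the line to `key: "/etc/ssl/private/example.com.key"`.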
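Review bot: in the second hunk the `backends` YAML block declares `tls:` as a sequence (`- provider: "OpenSSL"`), whereas the `binds` block in the first hunk and the existing Lua `newServer` call both express the TLS settings as a single mapping; unless the backend schema really takes a list here, the entry should be a plain mapping (`tls:` / `provider: "OpenSSL"` / `subject_name: "dot.powerdns.com"`) and is worth checking against the YAML reference before merging. The added block also runs straight into the `Investigating issues` heading with no blank line, so docutils will warn that the explicit markup block ends without a blank line; add an empty `+` line after `validate_certificate: true`, as the first hunk does after its block.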