This commit adds necessary PROXYv2 configuration options checks.
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ listen-on proxy encrypted { 10.53.0.1; };
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+http local-http-server {
+ endpoints { "/dns-query"; };
+ listener-clients 100;
+ streams-per-connection 100;
+};
+
+options {
+ listen-on port 8080 proxy encrypted tls none http local-http-server { 10.53.0.1; };
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.2; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ ciphers "HIGH:!aNULL:!MD5:!RC4";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+http local-http-server {
+ endpoints { "/dns-query"; };
+ listener-clients 100;
+ streams-per-connection 100;
+};
+
+options {
+ allow-proxy { any; };
+ allow-proxy-on { any; };
+ listen-on port 443 proxy encrypted tls local-tls http local-http-server { 10.53.0.1; };
+ listen-on port 4430 proxy plain tls local-tls http local-http-server { 10.53.0.1; };
+ listen-on port 8080 proxy plain tls none http local-http-server { 10.53.0.1; };
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.2; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ ciphers "HIGH:!aNULL:!MD5:!RC4";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ allow-proxy { any; };
+ allow-proxy-on { any; };
+ listen-on proxy plain { 10.53.0.1; };
+ listen-on port 853 proxy encrypted tls local-tls { 10.53.0.1; };
+ listen-on port 8530 proxy plain tls local-tls { 10.53.0.1; };
+};
case $good in
good-doh-*.conf) continue ;;
good-dot-*.conf) continue ;;
+ good-proxy-*doh*.conf) continue ;;
+ bad-proxy-*doh*.conf) continue ;;
esac
fi
{
projects / thirdparty / bind9.git / commitdiff
