
dnsdist: skip DoT/DoH frontend when a tls configuration error occurs

Open chbruyand opened this issue 3 years ago • 1 comments

Short description

Currently, dnsdist exits when encountering an error in the DoT/DoH configuration (such as key files that are not found or not readable).

This PR is a proposal to skip the DoT/DoH frontend configuration and to continue launching anyway.

Checklist

I have:

  • [x] read the CONTRIBUTING.md document
  • [x] compiled this code
  • [x] tested this code
  • [ ] included documentation (including possible behaviour changes)
  • [ ] documented the code
  • [ ] added or modified regression test(s)
  • [ ] added or modified unit test(s)
  • [ ] checked that this code was merged to master

chbruyand, Jun 02 '22 10:06

Thinking about this a bit more, I think we would need to move the loading of the certificate and keys earlier in the process, likely in add*Local(), if we want to be able to bail out if something goes wrong without leaving invalid objects around.

rgacogne, Jun 17 '22 09:06
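
The load-before-register ordering suggested in the comment above, as an added sketch that is not part of the thread and is not dnsdist code: `FrontendRegistry`, `Frontend`, `TLSMaterial` and `addTLSFrontend` are hypothetical names, and "loading" is reduced to reading non-empty files. A skipped listener is recorded so that a DoT/DoH endpoint that never came up can be reported rather than silently missing.

```cpp
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for illustration; these are not dnsdist's real types.
struct TLSMaterial { std::string certPEM, keyPEM; };
struct Frontend { std::string listenAddr; TLSMaterial tls; };

// Read a whole file; false if it cannot be opened or is empty.
static bool readFile(const std::string& path, std::string& out) {
  std::ifstream in(path, std::ios::binary);
  if (!in) { return false; }
  out.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
  return !out.empty();
}

class FrontendRegistry {
public:
  // Models the add*Local() step: load first, register only on success.
  bool addTLSFrontend(const std::string& addr, const std::string& certPath,
                      const std::string& keyPath) {
    TLSMaterial m;  // local: dropped on failure, nothing half-built remains
    if (!readFile(certPath, m.certPEM) || !readFile(keyPath, m.keyPEM)) {
      d_skipped.push_back(addr);  // keep a record so the gap is visible
      return false;
    }
    d_frontends.push_back(Frontend{addr, std::move(m)});
    return true;
  }
  std::size_t active() const { return d_frontends.size(); }
  const std::vector<std::string>& skipped() const { return d_skipped; }
private:
  std::vector<Frontend> d_frontends;
  std::vector<std::string> d_skipped;
};

int main() {
  FrontendRegistry reg;
  // Constructed paths that do not exist, so this listener is skipped.
  reg.addTLSFrontend("127.0.0.1:853", "/nonexistent/cert.pem", "/nonexistent/key.pem");
  std::cout << "active=" << reg.active() << " skipped=" << reg.skipped().size() << "\n";
  return 0;
}
```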