From ba45a22c4a10608bcf47b155ca0efd169d35c095 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Mon, 20 May 2019 10:21:13 +0200 Subject: [PATCH] dnsdist: Document that SNIRule will not work with h2o <= 2.3.0-beta --- pdns/dnsdistdist/docs/reference/dq.rst | 3 ++- pdns/dnsdistdist/docs/rules-actions.rst | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pdns/dnsdistdist/docs/reference/dq.rst b/pdns/dnsdistdist/docs/reference/dq.rst index d8f37c51b..c19d6dad9 100644 --- a/pdns/dnsdistdist/docs/reference/dq.rst +++ b/pdns/dnsdistdist/docs/reference/dq.rst @@ -96,7 +96,8 @@ This state can be modified from the various hooks. .. versionadded:: 1.4.0 - Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any + Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any. See :func:`SNIRule` + for more information, especially about the availability of SNI over DoH. :returns: A string containing the TLS SNI value, if any diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst index 546063d31..746776da7 100644 --- a/pdns/dnsdistdist/docs/rules-actions.rst +++ b/pdns/dnsdistdist/docs/rules-actions.rst @@ -760,8 +760,10 @@ These ``DNSRule``\ s be one of the following items: .. versionadded:: 1.4.0 Matches against the TLS Server Name Indication value sent by the client, if any. Only makes - sense for DoT or DoH, and for that last one matching on the HTTP Host header might provide - more consistent results. + sense for DoT or DoH, and for that last one matching on the HTTP Host header using :func:`HTTPHeaderRule` + might provide more consistent results. + As of the version 2.3.0-beta of h2o, it is unfortunately not possible to extract the SNI value from DoH + connections, and it is therefore necessary to use the HTTP Host header until version 2.3.0 is released. :param str name: The exact SNI name to match. -- 2.40.0
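Review bot: In the dq.rst hunk, the getter's text still ends at ":returns: A string containing the TLS SNI value, if any", which does not say what a Lua caller receives when no SNI is available. The added sentence only points to :func:`SNIRule` for the DoH limitation. Please document the return value for the missing case here. Consider also naming the h2o restriction in this entry itself, so that policy code keyed on the SNI over DoH is not written without the reader having followed the cross-reference.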
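Review bot: In the rules-actions.rst hunk, the new limitation is phrased relative to the time of writing ("As of the version 2.3.0-beta of h2o ... until version 2.3.0 is released"), so it will go stale once that release exists. It is also looser than the commit subject's "h2o <= 2.3.0-beta". Suggest wording it as a version condition on the h2o library that dnsdist is built against, possibly in a note directive so it stands out from the rule description, and dropping the article ("As of version 2.3.0-beta"). The text should also state what SNIRule does on a DoH connection when the SNI cannot be extracted, for instance whether it simply never matches, since an operator selecting policy by SNI gets no other indication that the rule is inert there.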