dnsdist: Fix key logging for DNS over TLS #8787

merged 2 commits into from Feb 7, 2020



@rgacogne rgacogne commented Feb 6, 2020

Short description

It turns out that the keyLogFile directive was ignored for DNS over TLS, while correctly working with DNS over HTTPS. I know I tested both when writing the code for #8442 but I guess the DoT part was lost in a refactoring at some point before opening the PR :-/
This PR also makes the feature more usable by flushing the key material to the file right away, so we don't have to wait for the buffer to get flushed.


I have:

  • read the document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

rgacogne added 2 commits Feb 6, 2020
This feature is used to debug TLS flows, we don't really care about
the performance in that case and we want to have access to the keys
as soon as possible, without waiting for a buffer to be flushed.
@rgacogne rgacogne added this to the dnsdist-1.4.x milestone Feb 6, 2020
@rgacogne rgacogne merged commit 546b120 into PowerDNS:master Feb 7, 2020
24 of 25 checks passed
@rgacogne rgacogne deleted the ddist-tls-key-log-file branch Feb 7, 2020
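
The effect of flushing each key log line right away, as described in the PR, shown as an added example. This is not code from the PR or from dnsdist; it uses plain C stdio, and the names `KeyLogSink`, `visibleLines` and `demo`, the `/tmp` paths and the sample line are assumptions made for the illustration.

```cpp
// Added example, not dnsdist's code. KeyLogSink, visibleLines and demo are hypothetical names.
#include <cstdio>
#include <string>
#include <fcntl.h>
#include <unistd.h>

// Appends NSS-format key log lines to a file, optionally flushing after each line.
class KeyLogSink {
public:
  KeyLogSink(const std::string& path, bool flushEachLine) : d_flush(flushEachLine) {
    // These lines allow decryption of the logged sessions: create the file owner-only.
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
    if (fd >= 0 && (d_fp = fdopen(fd, "a")) == nullptr) close(fd);
  }
  ~KeyLogSink() { if (d_fp != nullptr) fclose(d_fp); }
  KeyLogSink(const KeyLogSink&) = delete;
  KeyLogSink& operator=(const KeyLogSink&) = delete;

  bool write(const std::string& line) {
    if (d_fp == nullptr) return false;
    if (fputs(line.c_str(), d_fp) == EOF || fputc('\n', d_fp) == EOF) return false;
    // Without this flush the line sits in the stdio buffer until it fills or the file closes.
    return !d_flush || fflush(d_fp) == 0;
  }
private:
  FILE* d_fp{nullptr};
  bool d_flush;
};

// Complete lines that a separate reader (for example a capture analysis tool) can see right now.
size_t visibleLines(const std::string& path) {
  FILE* fp = fopen(path.c_str(), "r");
  if (fp == nullptr) return 0;
  size_t count = 0;
  for (int c = fgetc(fp); c != EOF; c = fgetc(fp)) if (c == '\n') ++count;
  fclose(fp);
  return count;
}

// Writes one constructed line (dummy hex, not real key material) and reports
// how many lines are readable while the sink is still open.
size_t demo(const std::string& path, bool flushEachLine) {
  unlink(path.c_str());
  KeyLogSink sink(path, flushEachLine);
  sink.write("CLIENT_RANDOM " + std::string(64, 'a') + " " + std::string(96, 'b'));
  return visibleLines(path);
}

int main() {
  printf("buffered: %zu, flushed: %zu\n", demo("/tmp/keylog_buffered.txt", false), demo("/tmp/keylog_flushed.txt", true));
  return 0;
}
```

With buffering left on, the line only reaches the file once the sink is destroyed, which is the delay the PR removes.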