dnsdist: Is there a way to start DoT for specific domain name (wild-card certificate)? #13828

ousatov-ua · 2024-02-25T09:51:30Z

ousatov-ua
Feb 25, 2024

Hi all!
Can you please help me?
I have a wild-card certificate: *.my-domain.name.
I want to start local DoT (addTLSLocal) for only specific domain requested:

client-1.my-domain.name
client-2.my-domain.name

Is there a way to do it?

Thank you in advance!

Answered by rgacogne

Feb 26, 2024

No, it's not possible to only listen for specific domains as we listen on an IP address and port. It is possible to filter queries during the rule processing on the TLS name requested by the client, see SNIRule: https://dnsdist.org/reference/selectors.html#SNIRule

View full answer

rgacogne · 2024-02-26T09:54:07Z

rgacogne
Feb 26, 2024
Maintainer

No, it's not possible to only listen for specific domains as we listen on an IP address and port. It is possible to filter queries during the rule processing on the TLS name requested by the client, see SNIRule: https://dnsdist.org/reference/selectors.html#SNIRule

0 replies

ousatov-ua · 2024-02-27T12:31:32Z

ousatov-ua
Feb 27, 2024
Author

@rgacogne Thank you!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dnsdist: Is there a way to start DoT for specific domain name (wild-card certificate)? #13828

{{title}}

Replies: 2 comments

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

dnsdist: Is there a way to start DoT for specific domain name (wild-card certificate)? #13828

ousatov-ua Feb 25, 2024

Replies: 2 comments

rgacogne Feb 26, 2024 Maintainer

ousatov-ua Feb 27, 2024 Author

ousatov-ua
Feb 25, 2024

rgacogne
Feb 26, 2024
Maintainer

ousatov-ua
Feb 27, 2024
Author