On 10/2/25 12:18, Marco Davids (SIDN) via dnsdist wrote:
> Got it and that makes sense. Maybe worth updating the docs to mention this important detail?

Oh, yeah, that makes sense indeed!

> But isn't the urls parameter needed to make that work?

It is needed because dnsdist will discard everything that is not allowed by "urls" for DoH, even before processing the response maps. One option is to configure urls to allow everything below "/".

> Since newDOHResponseMapEntry accepts a regex I was wondering...
>
> Wouldn't it be cool if we could reference the match from a regex (e.g. $1) in the content string, if at all possible to do?
>
> That way, we could use the dynamic part of the URL (e.g. the token in an ACME challenge request) in a response.
>
> Like this for example:
>
> `^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$`
>
> content string:
>
> https://example.nl/.well-known/acme-challenge/$1
>
> Perhaps there are other possible use cases as well.
>
> Hope that makes sense.

It does! Would you mind opening a feature request on our GitHub for that so we don't forget? We'll have a look when we get to implementing response maps for DoH3.

Cheers,
--
Remi
