Reload TSIG secrets on Server struct

[Fattouche]

Right now when create a new server with TSIG it follows the pattern:

server := &dns.Server{Addr: ":53", Net: "udp"}
server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
go server.ListenAndServe()
dns.HandleFunc(".", handleRequest)

This is fine if the server.TsigSecret never changes, however what happens if you want to add new tsigs with zero downtime. How do you do this without causing a race condition? I want to be able to just edit the tsigSecret map while the server is serving requests. Is this possible in anyway?

Thanks!

[miekg]

no this is not possible. I'm not sure if there is a performant/backwards compatible fix to make it work.

[miekg]

starting/stopping a single dns instance should not impact your DNS; if it does and you require zero downtime you probably want to run on multiple machines

[Fattouche]

I think if this was a syncMap instead of a regular map, this problem would go away wouldn't it? I think it pretty much just reads from the map as usual. The rolling restart may be a good option for the time being though.

[miekg]

[ Quoting <[email protected]> in "Re: [miekg/dns] Reload TSIG secrets..." ]

I think if this was a syncMap instead of a regular map, this problem would go away wouldn't it? I think it pretty much just reads from the map as usual. The rolling restart may be a good option for the time being though.

likely, but that change is not backwards compatible

[Fattouche]

Yea makes sense, thanks!