From dc777d96b2fedd5a33fbb94a8571ba1c0d11d284 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek
Date: Tue, 19 Apr 2022 09:57:23 +0200
Subject: [PATCH] Decide to use Dot earlier. To keep the nsspeed table good, we need to decide to use DoT earlier. Now the lookup and updats of the speed table occur in a proper way (using the port that is actually used for the connetion) and when we switch from/to DoT, the old nsspeeds are cleared by the already existing code.
---
 pdns/syncres.cc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 60f94119b3..deb87f6c22 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -326,6 +326,7 @@ static LockGuarded s_dotMap;
 static const time_t dotFailWait = 24 * 3600;
 static const time_t dotSuccessWait = 3 * 24 * 3600;
+static bool shouldDoDoT(ComboAddress address, time_t now);
 unsigned int SyncRes::s_maxnegttl;
 unsigned int SyncRes::s_maxbogusttl;
@@ -1028,7 +1029,7 @@ uint64_t SyncRes::doDumpNSSpeeds(int fd)
 fprintf(fp.get(), "%s\t%s\t", i.d_name.toLogString().c_str(), timestamp(i.d_lastget, tmp, sizeof(tmp)));
 for (const auto& j : i.d_collection) {
 // typedef vector > collection_t;
- fprintf(fp.get(), "%s/%f\t", j.first.toString().c_str(), j.second.peek());
+ fprintf(fp.get(), "%s/%f\t", j.first.toStringWithPortExcept(53).c_str(), j.second.peek());
 }
 fprintf(fp.get(), "\n");
 }
@@ -1915,6 +1916,13 @@ vector SyncRes::getAddrs(const DNSName &qname, unsigned int depth,
 setCacheOnly(oldCacheOnly);
 d_followCNAME = oldFollowCNAME;
+ if (s_max_busy_dot_probes > 0 && s_dot_to_port_853) {
+ for (auto& add : ret) {
+ if (shouldDoDoT(add, d_now.tv_sec)) {
+ add.setPort(853);
+ }
+ }
+ }
 /* we need to remove from the nsSpeeds collection the existing IPs for this nameserver that are no longer in the set, even if there is only one or none at all in the current set.
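Review bot: The dump line written in SyncRes::doDumpNSSpeeds now mixes two entry shapes, a bare address for port 53 and an address with a port for everything else, and nothing next to the changed `fprintf` says so. A short comment such as `// port is printed only when it is not 53, so entries on 853 (DoT) are distinguishable in the dump` would help anyone reading or parsing the output, and whatever documents the dump format probably needs the same remark. doDumpNSSpeeds starts and ends outside the hunk.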
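Review bot: The block added to SyncRes::getAddrs rewrites the port only when `s_max_busy_dot_probes > 0 && s_dot_to_port_853`, whereas the check removed from doResolveAt in the last hunk required only `s_max_busy_dot_probes > 0`. With `s_dot_to_port_853` off, a server that shouldDoDoT() approves therefore appears to be queried in cleartext where it previously got DoT. If that narrowing is intended it should be stated at the block, e.g. `// DoT is only selected here when s_dot_to_port_853 is set; otherwise a probed server stays on port 53`, and ideally in the commit message as well. The decision is also now taken before the connection is made and before the nsSpeeds pruning that follows, so other per-server state keyed by the returned ComboAddress would presumably see port 853 too; that is worth confirming against the callers. getAddrs begins and ends outside the hunk, and shouldDoDoT is defined elsewhere in the file.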
@@ -5368,10 +5376,6 @@ int SyncRes::doResolveAt(NsSet &nameservers, DNSName auth, bool flawedNSSet, con
 if (SyncRes::s_dot_to_port_853 && remoteIP->getPort() == 853) {
 doDoT = true;
 }
- if (!doDoT && s_max_busy_dot_probes > 0 && shouldDoDoT(*remoteIP, d_now.tv_sec)) {
- remoteIP->setPort(853);
- doDoT = true;
- }
 bool forceTCP = doDoT;
 if (!doDoT && s_max_busy_dot_probes > 0) {
--
2.47.2