BIND - enable TLS SNI support for outgoing TLS connections
authorArtem Boldariev <artem@boldariev.com>
Tue, 17 Dec 2024 14:24:29 +0000 (16:24 +0200)
committerArtem Boldariev <artem@boldariev.com>
Thu, 26 Dec 2024 15:23:25 +0000 (17:23 +0200)
This commit ensures that BIND enables TLS SNI support for outgoing DoT
connections (when possible) in order to improve compatibility with
other DNS server software.

lib/dns/dispatch.c

index 74080270acce3f259e4b27694444623b560b02c7..5484caffc94b40a030165974724338192ab9f0a8 100644 (file)
@@ -2005,10 +2005,16 @@ tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
                              "connecting from %s to %s, timeout %u", localbuf,
                              peerbuf, resp->timeout);
 
+               char *hostname = NULL;
+               if (resp->transport != NULL) {
+                       hostname = dns_transport_get_remote_hostname(
+                               resp->transport);
+               }
+
                isc_nm_streamdnsconnect(disp->mgr->nm, &disp->local,
                                        &disp->peer, tcp_connected, disp,
-                                       resp->timeout, tlsctx, NULL, sess_cache,
-                                       ISC_NM_PROXY_NONE, NULL);
+                                       resp->timeout, tlsctx, hostname,
+                                       sess_cache, ISC_NM_PROXY_NONE, NULL);
                break;
 
        case DNS_DISPATCHSTATE_CONNECTING:
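Review bot: The hostname passed to isc_nm_streamdnsconnect as the SNI name is not visibly tied to the name the TLS layer checks the server certificate against, so if dns_transport carries a separate verification hostname the two should be sourced from the same field to avoid sending one name as SNI while verifying another (or none). SNI is carried in cleartext in the ClientHello, so the configured remote hostname becomes visible to on-path observers; that is inherent to DoT without ECH but deserves a comment at the new block, e.g. `/* Send the configured remote hostname as TLS SNI (cleartext in ClientHello); NULL disables it. */`. RFC 6066 disallows IP-address literals in SNI, and the commit message's "(when possible)" suggests the TLS layer filters those, but nothing in this hunk shows it, so that should be confirmed or the literal check added before the call. The lifetime of the pointer returned by dns_transport_get_remote_hostname must cover the asynchronous connect unless the callee copies it, which is not visible here. tcp_dispatch_connect starts before this hunk.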