From: Artem Boldariev
Date: Tue, 29 Nov 2022 16:15:54 +0000 (+0200)
Subject: BIND: use Stream DNS for DNS over TLS connections
X-Git-Tag: v9.19.9~68^2~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03e33a014c88ba81d7b362627f6f99073b57feee;p=thirdparty%2Fbind9.git

BIND: use Stream DNS for DNS over TLS connections

This commit makes BIND use the new Stream DNS transport for DNS over TLS.
---
diff --git a/bin/tests/test_server.c b/bin/tests/test_server.c
index 05a3c0b13e0..3ff507c28c1 100644
--- a/bin/tests/test_server.c
+++ b/bin/tests/test_server.c
@@ -256,7 +256,7 @@ run(void) {
 case DOT: {
 isc_tlsctx_createserver(NULL, NULL, &tls_ctx);
- result = isc_nm_listentlsdns(
+ result = isc_nm_listenstreamdns(
 netmgr, ISC_NM_LISTEN_ALL, &sockaddr, read_cb, NULL,
 accept_cb, NULL, 0, NULL, tls_ctx, &sock);
 break;
diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index fdf2d03f506..b2c102b4799 100644
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -964,9 +964,9 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
 goto failure;
 }
 INSIST(tlsctx != NULL);
- isc_nm_tlsdnsconnect(xfr->netmgr, &xfr->sourceaddr,
- &xfr->primaryaddr, xfrin_connect_done,
- connect_xfr, 30000, tlsctx, sess_cache);
+ isc_nm_streamdnsconnect(xfr->netmgr, &xfr->sourceaddr,
+ &xfr->primaryaddr, xfrin_connect_done,
+ connect_xfr, 30000, tlsctx, sess_cache);
 } break;
 default:
 UNREACHABLE();
diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c
index 289c177a8d3..c9806732678 100644
--- a/lib/isccfg/aclconf.c
+++ b/lib/isccfg/aclconf.c
@@ -731,7 +731,7 @@ cfg_acl_fromconfig2(const cfg_obj_t *acl_data, const cfg_obj_t *cctx,
 } else if (strcasecmp(cfg_obj_asstring(obj_transport),
 "tls") == 0)
 {
- transports = isc_nm_tlsdnssocket;
+ transports = isc_nm_streamdnssocket;
 encrypted = true;
 } else if (strcasecmp(cfg_obj_asstring(obj_transport),
 "http") == 0)
diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c
index dc86e2e9753..22b54cce260 100644
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
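Review bot: With `transports = isc_nm_streamdnssocket;` the `tls` clause in lib/isccfg/aclconf.c no longer identifies an encrypted transport by socket type alone, since Stream DNS presumably carries both plaintext TCP and TLS; only the `encrypted = true;` on the next line distinguishes it. Whatever consumes `transports` must therefore also test `encrypted` (or the handle's `isc_nm_has_encryption()`, as the lib/ns/query.c hunk in this commit does) before treating a match as TLS, otherwise a plaintext TCP connection would satisfy a `transport tls` ACL. If the `tcp` branch of this chain, which is outside the hunk, maps to the same socket type, a comment on the assignment such as `/* Stream DNS covers both TCP and TLS; 'encrypted' is what makes this clause TLS-only. */` would make that dependency visible to the next reader. cfg_acl_fromconfig2 starts and ends outside the hunk.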
@@ -543,7 +543,7 @@ static isc_result_t
 ns_interface_listentls(ns_interface_t *ifp, isc_tlsctx_t *sslctx) {
 isc_result_t result;
- result = isc_nm_listentlsdns(
+ result = isc_nm_listenstreamdns(
 ifp->mgr->nm, ISC_NM_LISTEN_ALL, &ifp->addr, ns__client_request,
 ifp, ns__client_tcpconn, ifp, ifp->mgr->backlog,
 &ifp->mgr->sctx->tcpquota, sslctx, &ifp->tcplistensocket);
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 71f0db8f9ee..5bcbe7bb63d 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -11962,7 +11962,9 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
 query_error(client, DNS_R_NOTIMP, __LINE__);
 return;
 }
- if (isc_nm_socket_type(handle) == isc_nm_tlsdnssocket &&
+ if (isc_nm_socket_type(handle) ==
+ isc_nm_streamdnssocket &&
+ isc_nm_has_encryption(handle) &&
 !isc_nm_xfr_allowed(handle)) {
 /*
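Review bot: `isc_nm_listenstreamdns()` in the lib/ns/interfacemgr.c hunk is a transport-generic entry point, so `ns_interface_listentls()` no longer has TLS enforced by the API it calls; if `sslctx` were NULL here, the listener would presumably come up as plaintext TCP on an interface the caller configured for TLS. The xfrin.c hunk in this same commit guards the equivalent connect call with `INSIST(tlsctx != NULL);`, and a matching `INSIST(sslctx != NULL);` placed before the `result =` line would keep that contract explicit on the listening side as well. ns_interface_listentls continues past the end of the hunk.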