BIND: use Stream DNS for DNS over TLS connections
authorArtem Boldariev <artem@boldariev.com>
Tue, 29 Nov 2022 16:15:54 +0000 (18:15 +0200)
committerArtem Boldariev <artem@boldariev.com>
Tue, 20 Dec 2022 20:13:52 +0000 (22:13 +0200)
This commit makes BIND use the new Stream DNS transport for DNS over
TLS.

bin/tests/test_server.c
lib/dns/xfrin.c
lib/isccfg/aclconf.c
lib/ns/interfacemgr.c
lib/ns/query.c

index 05a3c0b13e0cd996e8922e3e4f70d7c591e12977..3ff507c28c15738dee9a4e9149c33dd57c2ee395 100644 (file)
@@ -256,7 +256,7 @@ run(void) {
        case DOT: {
                isc_tlsctx_createserver(NULL, NULL, &tls_ctx);
 
-               result = isc_nm_listentlsdns(
+               result = isc_nm_listenstreamdns(
                        netmgr, ISC_NM_LISTEN_ALL, &sockaddr, read_cb, NULL,
                        accept_cb, NULL, 0, NULL, tls_ctx, &sock);
                break;
index fdf2d03f50677ad155de72d7237a8fad0ae266e5..b2c102b4799d645ecf495a3e211c98f1478d1c17 100644 (file)
@@ -964,9 +964,9 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
                        goto failure;
                }
                INSIST(tlsctx != NULL);
-               isc_nm_tlsdnsconnect(xfr->netmgr, &xfr->sourceaddr,
-                                    &xfr->primaryaddr, xfrin_connect_done,
-                                    connect_xfr, 30000, tlsctx, sess_cache);
+               isc_nm_streamdnsconnect(xfr->netmgr, &xfr->sourceaddr,
+                                       &xfr->primaryaddr, xfrin_connect_done,
+                                       connect_xfr, 30000, tlsctx, sess_cache);
        } break;
        default:
                UNREACHABLE();
index 289c177a8d3972b67c36dd07eaa93255a0539057..c98067326787ae9f2e1cd0877ee13f8cd132dffa 100644 (file)
@@ -731,7 +731,7 @@ cfg_acl_fromconfig2(const cfg_obj_t *acl_data, const cfg_obj_t *cctx,
                        } else if (strcasecmp(cfg_obj_asstring(obj_transport),
                                              "tls") == 0)
                        {
-                               transports = isc_nm_tlsdnssocket;
+                               transports = isc_nm_streamdnssocket;
                                encrypted = true;
                        } else if (strcasecmp(cfg_obj_asstring(obj_transport),
                                              "http") == 0)
index dc86e2e9753a6726cd6a2276b9d62a8717c1b820..22b54cce26024f68f3430ed2b568b18787f58bd9 100644 (file)
@@ -543,7 +543,7 @@ static isc_result_t
 ns_interface_listentls(ns_interface_t *ifp, isc_tlsctx_t *sslctx) {
        isc_result_t result;
 
-       result = isc_nm_listentlsdns(
+       result = isc_nm_listenstreamdns(
                ifp->mgr->nm, ISC_NM_LISTEN_ALL, &ifp->addr, ns__client_request,
                ifp, ns__client_tcpconn, ifp, ifp->mgr->backlog,
                &ifp->mgr->sctx->tcpquota, sslctx, &ifp->tcplistensocket);
index 71f0db8f9eed06081c6e94d56818c04e8ebc4c9a..5bcbe7bb63d1b759862325131e6229eb8a83eb13 100644 (file)
@@ -11962,7 +11962,9 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
                                query_error(client, DNS_R_NOTIMP, __LINE__);
                                return;
                        }
-                       if (isc_nm_socket_type(handle) == isc_nm_tlsdnssocket &&
+                       if (isc_nm_socket_type(handle) ==
+                                   isc_nm_streamdnssocket &&
+                           isc_nm_has_encryption(handle) &&
                            !isc_nm_xfr_allowed(handle))
                        {
                                /*