dns_request_t *request;
uint32_t which;
isc_sockaddr_t addr;
+ dns_transport_t *transport;
dns_updatecallback_t callback;
void *callback_arg;
unsigned int options;
if (forward->msgbuf != NULL) {
isc_buffer_free(&forward->msgbuf);
}
+ if (forward->transport != NULL) {
+ dns_transport_detach(&forward->transport);
+ }
if (forward->zone != NULL) {
LOCK(&forward->zone->lock);
if (ISC_LINK_LINKED(forward, link)) {
isc_result_t result;
isc_sockaddr_t src;
isc_dscp_t dscp = -1;
+ dns_zone_t *zone = forward->zone;
+ bool tls_transport_invalid = false;
- LOCK_ZONE(forward->zone);
+ LOCK_ZONE(zone);
- if (DNS_ZONE_FLAG(forward->zone, DNS_ZONEFLG_EXITING)) {
- UNLOCK_ZONE(forward->zone);
+ if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
+ UNLOCK_ZONE(zone);
return (ISC_R_CANCELED);
}
- if (forward->which >= forward->zone->primariescnt) {
- UNLOCK_ZONE(forward->zone);
+ if (forward->which >= zone->primariescnt) {
+ UNLOCK_ZONE(zone);
return (ISC_R_NOMORE);
}
- forward->addr = forward->zone->primaries[forward->which];
+ forward->addr = zone->primaries[forward->which];
/*
* Always use TCP regardless of whether the original update
* used TCP.
*/
switch (isc_sockaddr_pf(&forward->addr)) {
case PF_INET:
- src = forward->zone->xfrsource4;
- dscp = forward->zone->xfrsource4dscp;
+ src = zone->xfrsource4;
+ dscp = zone->xfrsource4dscp;
break;
case PF_INET6:
- src = forward->zone->xfrsource6;
- dscp = forward->zone->xfrsource6dscp;
+ src = zone->xfrsource6;
+ dscp = zone->xfrsource6dscp;
break;
default:
result = ISC_R_NOTIMPLEMENTED;
goto unlock;
}
+
+ if (forward->transport != NULL) {
+ dns_transport_detach(&forward->transport);
+ }
+
+ if (zone->primarytlsnames != NULL &&
+ zone->primarytlsnames[forward->which] != NULL)
+ {
+ dns_view_t *view = dns_zone_getview(zone);
+ dns_name_t *tlsname = zone->primarytlsnames[zone->curprimary];
+
+ result = dns_view_gettransport(view, DNS_TRANSPORT_TLS, tlsname,
+ &forward->transport);
+
+ if (result != ISC_R_SUCCESS) {
+ /* Log the error message when unlocked. */
+ tls_transport_invalid = true;
+ goto unlock;
+ }
+ }
+
result = dns_request_createraw(
forward->zone->view->requestmgr, forward->msgbuf, &src,
- &forward->addr, NULL, NULL, dscp, forward->options,
- 15 /* XXX */, 0, 0, forward->zone->task, forward_callback,
- forward, &forward->request);
+ &forward->addr, forward->transport, zone->zmgr->tlsctx_cache,
+ dscp, forward->options, 15 /* XXX */, 0, 0, forward->zone->task,
+ forward_callback, forward, &forward->request);
if (result == ISC_R_SUCCESS) {
if (!ISC_LINK_LINKED(forward, link)) {
- ISC_LIST_APPEND(forward->zone->forwards, forward, link);
+ ISC_LIST_APPEND(zone->forwards, forward, link);
}
}
unlock:
- UNLOCK_ZONE(forward->zone);
+ UNLOCK_ZONE(zone);
+
+ if (tls_transport_invalid) {
+ dns_zone_log(zone, ISC_LOG_ERROR,
+ "could not get TLS configuration "
+ "for dynamic update: %s",
+ isc_result_totext(result));
+ }
+
return (result);
}
REQUIRE(callback != NULL);
forward = isc_mem_get(zone->mctx, sizeof(*forward));
-
- forward->request = NULL;
- forward->zone = NULL;
- forward->msgbuf = NULL;
- forward->which = 0;
- forward->mctx = 0;
- forward->callback = callback;
- forward->callback_arg = callback_arg;
+ *forward = (dns_forward_t){ .callback = callback,
+ .callback_arg = callback_arg,
+ .options = DNS_REQUESTOPT_TCP };
ISC_LINK_INIT(forward, link);
forward->magic = FORWARD_MAGIC;
- forward->options = DNS_REQUESTOPT_TCP;
+
/*
* If we have a SIG(0) signed message we need to preserve the
* query id as that is included in the SIG(0) computation.
projects / thirdparty / bind9.git / commitdiff
