BIND - enable TLS SNI support for outgoing TLS connections
authorArtem Boldariev <artem@boldariev.com>
Tue, 17 Dec 2024 14:24:29 +0000 (16:24 +0200)
committerArtem Boldariev <artem@boldariev.com>
Thu, 26 Dec 2024 16:31:31 +0000 (18:31 +0200)
This commit ensures that BIND enables TLS SNI support for outgoing DoT
connections (when possible) in order to improve compatibility with
other DNS server software.

(cherry picked from commit 740292d3ec6b9cc0906756067c35750903057bfb)

lib/dns/dispatch.c

index d59ebccbe50e2c48dc0cba4f254fac60e33ae63a..26294147e3aa4ba21d21cc24b7e4e0ef98bdc27d 100644 (file)
@@ -2007,10 +2007,16 @@ tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
                              "connecting from %s to %s, timeout %u", localbuf,
                              peerbuf, resp->timeout);
 
+               char *hostname = NULL;
+               if (resp->transport != NULL) {
+                       hostname = dns_transport_get_remote_hostname(
+                               resp->transport);
+               }
+
                isc_nm_streamdnsconnect(disp->mgr->nm, &disp->local,
                                        &disp->peer, tcp_connected, disp,
-                                       resp->timeout, tlsctx, NULL, sess_cache,
-                                       ISC_NM_PROXY_NONE, NULL);
+                                       resp->timeout, tlsctx, hostname,
+                                       sess_cache, ISC_NM_PROXY_NONE, NULL);
                break;
 
        case DNS_DISPATCHSTATE_CONNECTING:
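Review bot: The SNI hostname is looked up and passed to isc_nm_streamdnsconnect() whenever resp->transport is set, independent of whether tlsctx is non-NULL, so a plain-TCP transport also hands a hostname down; unless the netmgr is known to ignore it for non-TLS connects, guard the lookup as `if (tlsctx != NULL && resp->transport != NULL) {`. The commit message says SNI is enabled "when possible", but nothing in the hunk checks that the value is a DNS name rather than an IP literal (RFC 6066 does not permit address literals in server_name), so it is worth confirming that dns_transport_get_remote_hostname() returns NULL in that case or filtering here. A short comment above the lookup would help the next reader, e.g. `/* SNI only selects which certificate the peer presents; it is not a substitute for verifying that certificate against the configured remote hostname. */` — presumably that verification uses the same name, but this hunk does not show it. The new declaration sits directly in the case body of the switch, so hostname stays in scope for the later case labels; wrapping this case in braces keeps it local. tcp_dispatch_connect() starts before and continues after this hunk.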