mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-09-01 15:05:23 +00:00
BIND: use Stream DNS for DNS over TLS connections
This commit makes BIND use the new Stream DNS transport for DNS over TLS.
This commit is contained in:
Artem Boldariev
@@ -256,7 +256,7 @@ run(void) {
|
|||||||
case DOT: {
|
case DOT: {
|
||||||
isc_tlsctx_createserver(NULL, NULL, &tls_ctx);
|
isc_tlsctx_createserver(NULL, NULL, &tls_ctx);
|
||||||
|
|
||||||
result = isc_nm_listentlsdns(
|
result = isc_nm_listenstreamdns(
|
||||||
netmgr, ISC_NM_LISTEN_ALL, &sockaddr, read_cb, NULL,
|
netmgr, ISC_NM_LISTEN_ALL, &sockaddr, read_cb, NULL,
|
||||||
accept_cb, NULL, 0, NULL, tls_ctx, &sock);
|
accept_cb, NULL, 0, NULL, tls_ctx, &sock);
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -964,9 +964,9 @@ xfrin_start(dns_xfrin_ctx_t *xfr) {
|
|||||||
goto failure;
|
goto failure;
|
||||||
}
|
}
|
||||||
INSIST(tlsctx != NULL);
|
INSIST(tlsctx != NULL);
|
||||||
isc_nm_tlsdnsconnect(xfr->netmgr, &xfr->sourceaddr,
|
isc_nm_streamdnsconnect(xfr->netmgr, &xfr->sourceaddr,
|
||||||
&xfr->primaryaddr, xfrin_connect_done,
|
&xfr->primaryaddr, xfrin_connect_done,
|
||||||
connect_xfr, 30000, tlsctx, sess_cache);
|
connect_xfr, 30000, tlsctx, sess_cache);
|
||||||
} break;
|
} break;
|
||||||
default:
|
default:
|
||||||
UNREACHABLE();
|
UNREACHABLE();
|
||||||
|
|||||||
@@ -731,7 +731,7 @@ cfg_acl_fromconfig2(const cfg_obj_t *acl_data, const cfg_obj_t *cctx,
|
|||||||
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
|
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
|
||||||
"tls") == 0)
|
"tls") == 0)
|
||||||
{
|
{
|
||||||
transports = isc_nm_tlsdnssocket;
|
transports = isc_nm_streamdnssocket;
|
||||||
encrypted = true;
|
encrypted = true;
|
||||||
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
|
} else if (strcasecmp(cfg_obj_asstring(obj_transport),
|
||||||
"http") == 0)
|
"http") == 0)
|
||||||
|
|||||||
@@ -543,7 +543,7 @@ static isc_result_t
|
|||||||
ns_interface_listentls(ns_interface_t *ifp, isc_tlsctx_t *sslctx) {
|
ns_interface_listentls(ns_interface_t *ifp, isc_tlsctx_t *sslctx) {
|
||||||
isc_result_t result;
|
isc_result_t result;
|
||||||
|
|
||||||
result = isc_nm_listentlsdns(
|
result = isc_nm_listenstreamdns(
|
||||||
ifp->mgr->nm, ISC_NM_LISTEN_ALL, &ifp->addr, ns__client_request,
|
ifp->mgr->nm, ISC_NM_LISTEN_ALL, &ifp->addr, ns__client_request,
|
||||||
ifp, ns__client_tcpconn, ifp, ifp->mgr->backlog,
|
ifp, ns__client_tcpconn, ifp, ifp->mgr->backlog,
|
||||||
&ifp->mgr->sctx->tcpquota, sslctx, &ifp->tcplistensocket);
|
&ifp->mgr->sctx->tcpquota, sslctx, &ifp->tcplistensocket);
|
||||||
|
|||||||
@@ -11962,7 +11962,9 @@ ns_query_start(ns_client_t *client, isc_nmhandle_t *handle) {
|
|||||||
query_error(client, DNS_R_NOTIMP, __LINE__);
|
query_error(client, DNS_R_NOTIMP, __LINE__);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (isc_nm_socket_type(handle) == isc_nm_tlsdnssocket &&
|
if (isc_nm_socket_type(handle) ==
|
||||||
|
isc_nm_streamdnssocket &&
|
||||||
|
isc_nm_has_encryption(handle) &&
|
||||||
!isc_nm_xfr_allowed(handle))
|
!isc_nm_xfr_allowed(handle))
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
|
|||||||
Reference in New Issue
Block a user