Fallback to normal connection if TLS fails

As described in document draft-ietf-dprive-dns-over-tls [1] we should fallback to normal connection (without TLS) if there's any error with the TLS connection. See #297 [1] http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-02
2016-01-04 10:49:20 -02:00 · 2016-01-04 10:49:20 -02:00 · 124839738d
parent ce3e1286f2
commit 124839738d
1 changed files with 18 additions and 1 deletions
--- a/client.go
+++ b/client.go
@ -161,6 +161,7 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
 		network = c.Net
 	}

+connect:
 	if c.TLS {
 		// TLS connection is always TCP
 		co, err = DialTimeoutWithTLS("tcp", a, c.TLSConfig, c.dialTimeout())
@ -168,7 +169,23 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
 		co, err = DialTimeout(network, a, c.dialTimeout())
 	}

-	if err != nil {
+	// TODO(rafaeljusto)
+	//
+	// draft-ietf-dprive-dns-over-tls (section 3.1)
+	//
+	// DNS clients SHOULD remember server IP addresses that don't support
+	// DNS-over-TLS, including timeouts, connection refusals, and TLS
+	// handshake failures, and not request DNS-over-TLS from them for a
+	// reasonable period (such as one hour per server).  DNS clients
+	// following an out-of-band key-pinned privacy profile MAY be more
+	// aggressive about retrying DNS-over-TLS connection failures.
+	if err != nil && c.TLS {
+		// TODO(rafaeljusto)
+		// Log the error somewhere or just ignore it?
+		c.TLS = false
+		goto connect
+
+	} else if err != nil {
 		return nil, 0, err
 	}
 	defer co.Close()