Remove the TLS fallback strategy
After some thought, I realized that the fallback should be performed by whoever is using the client, since it will need to change the port (from 853 to 53). This also removes from the library the complexity of storing the recursive nameservers that don't work well with TLS (draft-ietf-dprive-dns-over-tls, section 3.1). See #297
This commit is contained in:
parent
020f925824
commit
ab77ae6734
19
client.go
19
client.go
|
@ -161,7 +161,6 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
|
|||
network = c.Net
|
||||
}
|
||||
|
||||
connect:
|
||||
if c.TLS {
|
||||
// TLS connection is always TCP
|
||||
co, err = DialTimeoutWithTLS("tcp", a, c.TLSConfig, c.dialTimeout())
|
||||
|
@ -169,23 +168,7 @@ connect:
|
|||
co, err = DialTimeout(network, a, c.dialTimeout())
|
||||
}
|
||||
|
||||
// TODO(rafaeljusto)
|
||||
//
|
||||
// draft-ietf-dprive-dns-over-tls (section 3.1)
|
||||
//
|
||||
// DNS clients SHOULD remember server IP addresses that don't support
|
||||
// DNS-over-TLS, including timeouts, connection refusals, and TLS
|
||||
// handshake failures, and not request DNS-over-TLS from them for a
|
||||
// reasonable period (such as one hour per server). DNS clients
|
||||
// following an out-of-band key-pinned privacy profile MAY be more
|
||||
// aggressive about retrying DNS-over-TLS connection failures.
|
||||
if err != nil && c.TLS {
|
||||
// TODO(rafaeljusto)
|
||||
// Log the error somewhere or just ignore it?
|
||||
c.TLS = false
|
||||
goto connect
|
||||
|
||||
} else if err != nil {
|
||||
if err != nil {
|
||||
return nil, 0, err
|
||||
}
|
||||
defer co.Close()
|
||||
|
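Review bot: The `if err != nil { return nil, 0, err }` that replaces the fallback hands the dial error back unchanged, but nothing on the `Client` now says that no plaintext downgrade is attempted, and callers who take over the fallback (as the description intends) need that contract spelled out. I would document it on the `TLS` field, e.g. `// TLS enables DNS-over-TLS for this client. No fallback to plaintext is attempted: a failed TLS dial is returned as an error, and any retry on port 53 is the caller's explicit decision.`. Worth noting in that comment too that, unlike the removed `c.TLS = false`, the client's own configuration is no longer mutated on failure, so a `Client` shared between goroutines keeps its TLS setting; a caller-side downgrade should likewise use a separate client rather than flip this field on a shared one. The enclosing `exchange` starts and ends outside both hunks.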
|