From ab77ae673483660e863761fa5caeb55f17b6ea92 Mon Sep 17 00:00:00 2001
From: Rafael Dantas Justo
Date: Thu, 7 Jan 2016 13:36:36 -0200
Subject: [PATCH] Remove the TLS fallback strategy

After some thoughts, I realized that the fallback should be made by who is using the client, as it will need to change the port (from 853 to 53). This would also remove from the library the complexity of storing the recursive nameservers that aren't working well with TLS (draft-ietf-dprive-dns-over-tls, section 3.1). See #297
---
 client.go | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/client.go b/client.go
index 7c7e32df..508d35c3 100644
--- a/client.go
+++ b/client.go
@@ -161,7 +161,6 @@ func (c *Client) exchange(m *Msg, a string) (r *Msg, rtt time.Duration, err erro
 network = c.Net
 }
 
-connect:
 if c.TLS {
 // TLS connection is always TCP
 co, err = DialTimeoutWithTLS("tcp", a, c.TLSConfig, c.dialTimeout())
@@ -169,23 +168,7 @@ connect:
 co, err = DialTimeout(network, a, c.dialTimeout())
 }
 
- // TODO(rafaeljusto)
- //
- // draft-ietf-dprive-dns-over-tls (section 3.1)
- //
- // DNS clients SHOULD remember server IP addresses that don't support
- // DNS-over-TLS, including timeouts, connection refusals, and TLS
- // handshake failures, and not request DNS-over-TLS from them for a
- // reasonable period (such as one hour per server). DNS clients
- // following an out-of-band key-pinned privacy profile MAY be more
- // aggressive about retrying DNS-over-TLS connection failures.
- if err != nil && c.TLS {
- // TODO(rafaeljusto)
- // Log the error somewhere or just ignore it?
- c.TLS = false
- goto connect
-
- } else if err != nil {
+ if err != nil {
 return nil, 0, err
 }
 defer co.Close()
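Review bot: The bare `if err != nil {` return after the dial in the second hunk has no comment recording that a failed TLS dial is now handed back to the caller and never retried without TLS, which is the security-relevant property of this code after the change. A short comment above it, such as `// No plaintext retry here: a failed TLS dial is returned so the caller decides whether to downgrade.`, would help keep a later edit from quietly reintroducing the downgrade. The doc comment on the `TLS` field of `Client` is outside this diff; if it still describes a fallback, it should say instead that a caller who retries on port 53 gives up the privacy TLS provided for that query. `exchange` starts before and continues after this hunk, so the rest of its error handling is not visible here.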