author | Lennart Poettering <lennart@poettering.net> | 2021-11-22 18:32:57 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-11-22 22:33:40 +0100 |
commit | e1158539e70310a7bb39d5a0c3411932f5caa6d0 (patch) | |
tree | 296a3a8b6f785e35bcc628e1eca2a99e9e6ffba0 /src/resolve/resolved-dns-transaction.c | |
parent | e2ef1e9aea24d89d1e92fa4675ddc330029b48bf (diff) | |
download | systemd-e1158539e70310a7bb39d5a0c3411932f5caa6d0.tar.gz |
resolved: lower connection timeout for DoT connections in opportunistic mode
Fixes: #20801
Diffstat (limited to 'src/resolve/resolved-dns-transaction.c')
-rw-r--r-- | src/resolve/resolved-dns-transaction.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 594ce5e27b..0cf9912712 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -673,6 +673,7 @@ static uint16_t dns_transaction_port(DnsTransaction *t) {
 }
 
 static int dns_transaction_emit_tcp(DnsTransaction *t) {
+        usec_t stream_timeout_usec = DNS_STREAM_DEFAULT_TIMEOUT_USEC;
         _cleanup_(dns_stream_unrefp) DnsStream *s = NULL;
         _cleanup_close_ int fd = -1;
         union sockaddr_union sa;
@@ -708,6 +709,14 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
                 else
                         fd = dns_scope_socket_tcp(t->scope, AF_UNSPEC, NULL, t->server, dns_transaction_port(t), &sa);
 
+                /* Lower timeout in DNS-over-TLS opportunistic mode. In environments where DoT is blocked
+                 * without ICMP response overly long delays when contacting DoT servers are nasty, in
+                 * particular if multiple DNS servers are defined which we try in turn and all are
+                 * blocked. Hence, substantially lower the timeout in that case. */
+                if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level) &&
+                    dns_server_get_dns_over_tls_mode(t->server) == DNS_OVER_TLS_OPPORTUNISTIC)
+                        stream_timeout_usec = DNS_STREAM_OPPORTUNISTIC_TLS_TIMEOUT_USEC;
+
                 type = DNS_STREAM_LOOKUP;
                 break;
@@ -745,7 +754,7 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
         if (fd < 0)
                 return fd;
 
-        r = dns_stream_new(t->scope->manager, &s, type, t->scope->protocol, fd, &sa);
+        r = dns_stream_new(t->scope->manager, &s, type, t->scope->protocol, fd, &sa, stream_timeout_usec);
         if (r < 0)
                 return r; |
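Review bot: The comment above the new `if` explains why the timeout is lowered but not why the lowering is restricted to DNS_OVER_TLS_OPPORTUNISTIC, which is the security-relevant half of the decision; a later reader may "extend" it to strict mode. I would append to the comment: ` * Restricted to opportunistic mode on purpose: there a fallback to plaintext is already permitted, so giving up on a blackholed port 853 sooner does not change what such a network can force, whereas in strict mode there is no fallback and a short timeout would only turn slow servers into failures.` The commit title speaks of a connection timeout, but the value is handed to dns_stream_new() as the stream's timeout, so it presumably also bounds the stream after the connection is up — if so, the comment should say the shorter limit applies to the whole DoT exchange in that mode, not just to connect(). This hunk sits inside a switch case, and dns_transaction_emit_tcp() begins and ends outside the hunks shown.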