[Pkg-dns-devel] Bug#879079: knot-dnsutils: kdig +tls fails to call connect()

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 19 16:06:18 UTC 2017


Control: tags 879079 + upstream patch

On Thu 2017-10-19 01:44:34 -0400, Daniel Kahn Gillmor wrote:

>     kdig +short +tls -p 853 @199.58.81.218 -t a www.ietf.org
 [...]
> I note that there appears to be no attempt to call connect() with the
> newer version -- no wonder it's not working!
>
> It seems to work for TCP and UDP, fwiw.  Just not for TLS.

This seems to be related to TCP fast open, because the following command
works fine:

    kdig +short +nofastopen +tls @dns.cmrg.net www.ietf.org

Upstream has a workaround for it here:

   https://gitlab.labs.nic.cz/knot/knot-dns/commit/b72d5cd032795703a2834ebecde321bae21964c6

(included below)

          --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-kdig-disable-TCP-Fastopen-by-default-as-it-breaks-TL.patch
Type: text/x-diff
Size: 845 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dns-devel/attachments/20171019/402811f3/attachment.patch>