| author | Shulhan <m.shulhan@gmail.com> | 2020-09-15 12:38:15 +0700 |
|---|---|---|
| committer | Shulhan <m.shulhan@gmail.com> | 2020-09-15 12:38:15 +0700 |
| commit | 9ee1709fe381c416b43bea45b6a71680bef244a5 (patch) | |
| tree | 5f44e126b3cd83b3fc0503f3dd2f6ccce387786e | |
| parent | d4c49078f260b3b899cdfce0c824d499ef49a7e3 (diff) | |
| download | pakakeh.go-9ee1709fe381c416b43bea45b6a71680bef244a5.tar.xz | |
dns: serve DoT without SSL if server is behind proxy or tlsConfig is null
Previously we only checked tlsConfig; if it was null, the DoT server
would not run.
There is a use case where SSL is terminated by a proxy and the connection
is forwarded to the DNS server, so this change accommodates it.
| -rw-r--r-- | lib/dns/server.go | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/dns/server.go b/lib/dns/server.go
index fb87aeb7..f17638be 100644
--- a/lib/dns/server.go
+++ b/lib/dns/server.go
@@ -359,14 +359,14 @@ func (srv *Server) serveDoT() {
 err error
 )
 
- if srv.tlsConfig == nil {
- return
- }
-
 dotAddr := srv.opts.getDoTAddress()
 
 for {
- srv.dot, err = tls.Listen("tcp", dotAddr.String(), srv.tlsConfig)
+ if srv.opts.DoHBehindProxy || srv.tlsConfig == nil {
+ srv.dot, err = net.ListenTCP("tcp", dotAddr)
+ } else {
+ srv.dot, err = tls.Listen("tcp", dotAddr.String(), srv.tlsConfig)
+ }
 if err != nil {
 log.Println("dns: Server.serveDoT: " + err.Error())
 time.Sleep(3 * time.Second) |
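Review bot: The `srv.tlsConfig == nil` half of the new condition turns a missing TLS configuration into a silent plaintext TCP listener on the DoT address. A server that is not behind a proxy and has no usable certificate configuration would then answer unencrypted DNS on the port clients expect to be TLS, with nothing logged. Consider keeping the early guard as `if srv.tlsConfig == nil && !srv.opts.DoHBehindProxy { return }` and narrowing the branch to `if srv.opts.DoHBehindProxy {`, so plaintext is served only on explicit opt-in. The option name suggests it was introduced for DoH, so a comment such as `// DoHBehindProxy also applies to DoT: TLS is terminated upstream, so restrict this listener to the proxy.` would help operators. The body of serveDoT starts and ends outside the hunk.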
