From 07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sun, 18 Jul 2021 23:25:45 +0200 Subject: net.resolvers.service: Only do DANE with secure SRV records If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next. --- net/resolvers/service.lua | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'net') diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua index d74adf06..204c8a7f 100644 --- a/net/resolvers/service.lua +++ b/net/resolvers/service.lua @@ -50,6 +50,10 @@ function methods:next(cb) answer = {}; end if answer then + if self.extra and not answer.secure then + self.extra.use_dane = false; + end + if #answer == 0 then if self.extra and self.extra.default_port then table.insert(targets, { self.hostname, self.extra.default_port, self.conn_type, self.extra }); -- cgit v1.2.3