From c9fb0c2cab170724f8894bf036266d0366c99429 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Sat, 14 Jan 2023 05:47:47 +0100
Subject: prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793)

Existing such records may cause timeouts or errors in clients and servers trying to connect, despite prosodyctl check saying all is well
---
 util/prosodyctl/check.lua | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'util')
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 42d73f29..e5566ff7 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -809,6 +809,10 @@ local function check(arg)
 modules:add(component_module);
 end
+ -- TODO Refactor these DNS SRV checks since they are very similar
+ -- FIXME Suggest concrete actionable steps to correct issues so that
+ -- users don't have to copy-paste the message into the support chat and
+ -- ask what to do about it.
 local is_component = not not host_options.component_module;
 print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
 if node then
@@ -838,7 +842,7 @@ local function check(arg)
 end
 end
 end
- if modules:contains("c2s") and c2s_tls_srv_required then
+ if modules:contains("c2s") then
 local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
 if res and #res > 0 then
 for _, record in ipairs(res) do
@@ -852,7 +856,7 @@ local function check(arg)
 print(" SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
 end
 end
- else
+ elseif c2s_tls_srv_required then
 print(" No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
 all_targets_ok = false;
 end
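Review bot: A failed lookup is treated the same as an absent record at `if res and #res > 0`: once the fallback becomes `elseif c2s_tls_srv_required` (next hunk), nothing is printed for either when Direct TLS is not configured. If `dns.lookup` can return nil on a resolver error or timeout (its contract is not visible here), a stale `_xmpps-client` record goes unreported in exactly the case this commit targets. Consider a separate branch before the `elseif`, e.g. `elseif not res then print(" Could not look up _xmpps-client SRV records for "..host); all_targets_ok = false;`, and the same for the `_xmpps-server` lookup in the s2s hunks. The enclosing `check` function and the record loop start and end outside this hunk.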
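Review bot: The `contains unknown Direct TLS client port` print is followed directly by the closing `end`s, with no `all_targets_ok = false;` visible after it; whether the flag is cleared earlier in the loop body is outside the hunk. Now that the loop also runs when Direct TLS is not configured, a leftover record would presumably reach this print, and if the flag stays set the command can still finish by saying all is well, which is the symptom the commit message describes. Such a record directs clients to a port Prosody does not serve, so it should fail the check: add `all_targets_ok = false;` beside the print if it is not already set. The `_xmpps-server` branch in the last hunk has the same shape.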
@@ -880,7 +884,7 @@ local function check(arg)
 end
 end
 end
- if modules:contains("s2s") and s2s_tls_srv_required then
+ if modules:contains("s2s") then
 local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
 if res and #res > 0 then
 for _, record in ipairs(res) do
@@ -894,7 +898,7 @@ local function check(arg)
 print(" SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
 end
 end
- else
+ elseif s2s_tls_srv_required then
 print(" No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
 all_targets_ok = false;
 end
-- cgit v1.2.3