From c9fb0c2cab170724f8894bf036266d0366c99429 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 14 Jan 2023 05:47:47 +0100
Subject: prosodyctl check dns: Check for Direct TLS SRV records even if not
 configured (fix #1793)

Existing such records may cause timeouts or errors in clients and
servers trying to connect, despite prosodyctl check saying all is well
---
 util/prosodyctl/check.lua | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'util')

diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 42d73f29..e5566ff7 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -809,6 +809,10 @@ local function check(arg)
 				modules:add(component_module);
 			end
 
+			-- TODO Refactor these DNS SRV checks since they are very similar
+			-- FIXME Suggest concrete actionable steps to correct issues so that
+			-- users don't have to copy-paste the message into the support chat and
+			-- ask what to do about it.
 			local is_component = not not host_options.component_module;
 			print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
 			if node then
@@ -838,7 +842,7 @@ local function check(arg)
 					end
 				end
 			end
-			if modules:contains("c2s") and c2s_tls_srv_required then
+			if modules:contains("c2s") then
 				local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
 				if res and #res > 0 then
 					for _, record in ipairs(res) do
@@ -852,7 +856,7 @@ local function check(arg)
 							print("    SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
 						end
 					end
-				else
+				elseif c2s_tls_srv_required then
 					print("    No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
 					all_targets_ok = false;
 				end
@@ -880,7 +884,7 @@ local function check(arg)
 					end
 				end
 			end
-			if modules:contains("s2s") and s2s_tls_srv_required then
+			if modules:contains("s2s") then
 				local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
 				if res and #res > 0 then
 					for _, record in ipairs(res) do
@@ -894,7 +898,7 @@ local function check(arg)
 							print("    SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
 						end
 					end
-				else
+				elseif s2s_tls_srv_required then
 					print("    No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
 					all_targets_ok = false;
 				end
-- 
cgit v1.2.3