Changeset

12842:3edd39c55a8a 0.12

prosodyctl check dns: Check for Direct TLS SRV records even if not configured (fix #1793) Existing such records may cause timeouts or errors in clients and servers trying to connect, despite prosodyctl check saying all is well
author Kim Alvefur <zash@zash.se>
date Sat, 14 Jan 2023 05:47:47 +0100
parents 12834:dcbff9f038a0
children 12843:e609e10966f5 12850:101c758428aa
files util/prosodyctl/check.lua
diffstat 1 files changed, 8 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/util/prosodyctl/check.lua	Tue Jan 10 21:10:58 2023 +0100
+++ b/util/prosodyctl/check.lua	Sat Jan 14 05:47:47 2023 +0100
@@ -809,6 +809,10 @@
 				modules:add(component_module);
 			end
 
+			-- TODO Refactor these DNS SRV checks since they are very similar
+			-- FIXME Suggest concrete actionable steps to correct issues so that
+			-- users don't have to copy-paste the message into the support chat and
+			-- ask what to do about it.
 			local is_component = not not host_options.component_module;
 			print("Checking DNS for "..(is_component and "component" or "host").." "..jid.."...");
 			if node then
@@ -838,7 +842,7 @@
 					end
 				end
 			end
-			if modules:contains("c2s") and c2s_tls_srv_required then
+			if modules:contains("c2s") then
 				local res = dns.lookup("_xmpps-client._tcp."..idna.to_ascii(host)..".", "SRV");
 				if res and #res > 0 then
 					for _, record in ipairs(res) do
@@ -852,7 +856,7 @@
 							print("    SRV target "..target.." contains unknown Direct TLS client port: "..record.srv.port);
 						end
 					end
-				else
+				elseif c2s_tls_srv_required then
 					print("    No _xmpps-client SRV record found for "..host..", but it looks like you need one.");
 					all_targets_ok = false;
 				end
@@ -880,7 +884,7 @@
 					end
 				end
 			end
-			if modules:contains("s2s") and s2s_tls_srv_required then
+			if modules:contains("s2s") then
 				local res = dns.lookup("_xmpps-server._tcp."..idna.to_ascii(host)..".", "SRV");
 				if res and #res > 0 then
 					for _, record in ipairs(res) do
@@ -894,7 +898,7 @@
 							print("    SRV target "..target.." contains unknown Direct TLS server port: "..record.srv.port);
 						end
 					end
-				else
+				elseif s2s_tls_srv_required then
 					print("    No _xmpps-server SRV record found for "..host..", but it looks like you need one.");
 					all_targets_ok = false;
 				end