From 2b7e85591fe87311d084ac49ca84cef97aa63ee2 Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Tue, 12 Jul 2022 23:08:07 +0300
Subject: [PATCH] Use Stream DNS in dig for DNS over TLS

This commit makes dig use the new Stream DNS transport for DNS over TLS.
---
 bin/dig/dighost.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index b85142e6b4..7b7913ecd3 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -3037,9 +3037,9 @@ start_tcp(dig_query_t *query) {
 if (tlsctx == NULL) {
 goto failure_tls;
 }
- isc_nm_tlsdnsconnect(netmgr, &localaddr, &query->sockaddr,
- tcp_connected, connectquery, local_timeout,
- tlsctx, sess_cache);
+ isc_nm_streamdnsconnect(netmgr, &localaddr, &query->sockaddr,
+ tcp_connected, connectquery,
+ local_timeout, tlsctx, sess_cache);
 #if HAVE_LIBNGHTTP2
 } else if (query->lookup->https_mode) {
 char uri[4096] = { 0 };
@@ -3454,8 +3454,9 @@ launch_next_query(dig_query_t *query) {
 xfr = query->lookup->rdtype == dns_rdatatype_ixfr ||
 query->lookup->rdtype == dns_rdatatype_axfr;
- if (xfr && isc_nm_socket_type(query->handle) == isc_nm_tlsdnssocket &&
- !isc_nm_xfr_allowed(query->handle))
+ if (xfr &&
+ isc_nm_socket_type(query->handle) == isc_nm_streamdnssocket &&
+ query->lookup->tls_mode && !isc_nm_xfr_allowed(query->handle))
 {
 dighost_error("zone transfers over the "
 "established TLS connection are not allowed");
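Review bot: The XFR guard in launch_next_query now decides whether the connection is TLS from `query->lookup->tls_mode`, a flag on the lookup, rather than from the connected handle, so the `isc_nm_xfr_allowed()` check is skipped whenever that flag and the actual transport disagree. Presumably the extra test is needed because a Stream DNS socket is not TLS-specific, but nothing in the hunk says so; a comment such as `/* Stream DNS sockets are not TLS-only: tls_mode marks a transfer over TLS, which must be allowed by the established connection */` would record the intent. If the netmgr can answer this per handle (e.g. `isc_nm_has_encryption(query->handle)`, assuming it covers Stream DNS handles), testing the handle would keep the restriction tied to what was actually negotiated. The function body starts and ends outside the hunk, so the code that sets `tls_mode` is not visible here.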