From 740292d3ec6b9cc0906756067c35750903057bfb Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Tue, 17 Dec 2024 16:24:29 +0200
Subject: [PATCH] BIND - enable TLS SNI support for outgoing TLS connections

This commit ensures that BIND enables TLS SNI support for outgoing DoT connections (when possible) in order to improve compatibility with other DNS server software.
---
 lib/dns/dispatch.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
index 74080270ac..5484caffc9 100644
--- a/lib/dns/dispatch.c
+++ b/lib/dns/dispatch.c
@@ -2005,10 +2005,16 @@ tcp_dispatch_connect(dns_dispatch_t *disp, dns_dispentry_t *resp) {
 "connecting from %s to %s, timeout %u",
 localbuf, peerbuf, resp->timeout);
 
+ char *hostname = NULL;
+ if (resp->transport != NULL) {
+ hostname = dns_transport_get_remote_hostname(
+ resp->transport);
+ }
+
 isc_nm_streamdnsconnect(disp->mgr->nm, &disp->local, &disp->peer,
 tcp_connected, disp,
- resp->timeout, tlsctx, NULL, sess_cache,
- ISC_NM_PROXY_NONE, NULL);
+ resp->timeout, tlsctx, hostname,
+ sess_cache, ISC_NM_PROXY_NONE, NULL);
 break;
 
 case DNS_DISPATCHSTATE_CONNECTING:
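Review bot: The value returned by dns_transport_get_remote_hostname() is handed to isc_nm_streamdnsconnect() as the SNI name with no check on its form; RFC 6066 §3 does not allow an IP address literal in the SNI host_name, so if the configured remote hostname can be an address literal (not visible from this hunk), either this call site or isc_nm_streamdnsconnect() should filter it rather than send it. The new block would also benefit from a short comment tying it to the commit's intent, e.g. `/* Use the transport's configured remote hostname as the TLS SNI name; NULL leaves SNI unset, as before. */` above `char *hostname = NULL;`. It is worth confirming that the same hostname is the one used for certificate name verification on this connection, since SNI only selects the server's certificate and provides no authentication by itself, and that the string stays valid until the connect callback runs given it is borrowed from resp->transport rather than copied. tcp_dispatch_connect() begins before and continues after this hunk.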