authorEmīls <emils@mullvad.net>2021-08-09 14:01:09 +0100
committerEmīls <emils@mullvad.net>2021-08-09 14:01:09 +0100
commit13e71e065aea7a288a60fe3e6ed7ffc35d35e774 (patch)
treed8e04d813a1e17044ba3a3f6cf5c1e4a85fecdc3
parentb490f002c0e9cb0ed0c8af656735d3c9c5877f4e (diff)
parentf6240dbbdb86e268721815e56eb38cecf368d215 (diff)
downloadmullvadvpn-13e71e065aea7a288a60fe3e6ed7ffc35d35e774.tar.xz
mullvadvpn-13e71e065aea7a288a60fe3e6ed7ffc35d35e774.zip
Merge branch 'fix-systemd-dot'
-rw-r--r--CHANGELOG.md1
-rw-r--r--talpid-core/src/dns/linux/systemd_resolved.rs6
-rw-r--r--talpid-dbus/src/systemd_resolved.rs28
3 files changed, 35 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff322d2845..2b97392ceb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@ Line wrap the file at 100 chars. Th
#### Linux
- Make offline monitor aware of routing table changes.
- Assign local DNS servers to more appropriate interfaces when using systemd-resolved.
+- Disable DNS over TLS for tunnel's DNS config when using systemd-resolved.
#### Windows
- Fix failure to restart the daemon when resuming from "fast startup" hibernation.
diff --git a/talpid-core/src/dns/linux/systemd_resolved.rs b/talpid-core/src/dns/linux/systemd_resolved.rs
index ea487a3077..a9227c2628 100644
--- a/talpid-core/src/dns/linux/systemd_resolved.rs
+++ b/talpid-core/src/dns/linux/systemd_resolved.rs
@@ -75,6 +75,11 @@ impl SystemdResolved {
self.tunnel_index = tunnel_index;
let mut last_result = Ok(());
+ if let Err(error) = self.dbus_interface.disable_dot(self.tunnel_index).await {
+ log::error!("Failed to disable DoT: {}", error.display_chain());
+ }
+
+
{
let mut initial_states = self.initial_states.lock().unwrap();
for (iface_index, iface_config) in &initial_config {
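Review bot: The new `disable_dot` call is best-effort, but nothing in the hunk says so or explains why DNS-over-TLS is turned off for the tunnel link. A failure is logged and execution continues, whereas the later steps appear to feed `last_result` and end in `self.reset()`. A comment above the call would make that deliberate, for example `// Best-effort: failing to turn off DNS-over-TLS on the tunnel link is logged, not fatal.`, followed by the reason for the downgrade, which the page does not state. The setting is applied to `self.tunnel_index` unconditionally, so if user-chosen resolvers can be assigned to that link they would lose DoT as well; it is worth confirming that this is intended. The hunk also adds two consecutive blank lines after the block, one of which can be dropped, and the enclosing function starts and ends outside the hunk.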
@@ -113,6 +118,7 @@ impl SystemdResolved {
}
}
+
if let Err(error) = last_result {
let _ = self.reset();
return Err(error);
diff --git a/talpid-dbus/src/systemd_resolved.rs b/talpid-dbus/src/systemd_resolved.rs
index 769ea881ff..b593c589d4 100644
--- a/talpid-dbus/src/systemd_resolved.rs
+++ b/talpid-dbus/src/systemd_resolved.rs
@@ -83,6 +83,7 @@ const DNS_DOMAINS: &str = "Domains";
const DNS_SERVERS: &str = "DNS";
const GET_LINK_METHOD: &str = "GetLink";
const SET_DNS_METHOD: &str = "SetDNS";
+const SET_DNS_OVER_TLS_METHOD: &str = "SetDNSOverTLS";
const SET_DOMAINS_METHOD: &str = "SetDomains";
const REVERT_METHOD: &str = "Revert";
@@ -350,6 +351,26 @@ impl SystemdResolved {
.map_err(Error::DBusRpcError)
}
+ fn link_disable_dns_over_tls<'a, 'b: 'a>(&'a self, interface_index: u32) -> Result<()> {
+ let link_object_path = self
+ .fetch_link(interface_index)
+ .map_err(|e| Error::GetLinkError(Box::new(e)))?;
+
+ let link_object = self.as_link_object(link_object_path.clone());
+
+ link_object.method_call(LINK_INTERFACE, SET_DNS_OVER_TLS_METHOD, ("no",))
+ .or_else(|error| {
+ if error.name() == Some("org.freedesktop.DBus.Error.UnknownMethod") {
+ log::debug!(
+ "Didn't disable DNSOverTLS because systemd-resolved doesn't have 'SetDnsOverTLS' method. {}",
+ error);
+ Ok(())
+ } else {
+ Err(error)
+ }
+ }).map_err(Error::DBusRpcError)
+ }
+
fn get_link_dns_domains<'a, 'b: 'a>(
&'a self,
link_object_path: &'b dbus::Path<'static>,
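Review bot: The debug message in `link_disable_dns_over_tls` names the method 'SetDnsOverTLS', but the call goes through `SET_DNS_OVER_TLS_METHOD`, which is "SetDNSOverTLS", so anyone searching logs for the real D-Bus method name will miss this line. Interpolating the constant keeps the two in step: `"Didn't disable DNSOverTLS because systemd-resolved doesn't have '{}' method. {}", SET_DNS_OVER_TLS_METHOD, error`. The `<'a, 'b: 'a>` lifetimes look copied from the neighbouring `get_link_dns_domains`; no borrowed argument uses `'b` here, so `fn link_disable_dns_over_tls(&self, interface_index: u32) -> Result<()>` is sufficient. `link_object_path.clone()` also appears unnecessary, since the path is not used again in the visible body and could be passed by value.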
@@ -534,6 +555,13 @@ impl AsyncHandle {
.map_err(Error::AsyncTaskError)?
}
+ pub async fn disable_dot(&self, interface_index: u32) -> Result<()> {
+ let interface = self.dbus_interface.clone();
+ tokio::task::spawn_blocking(move || interface.link_disable_dns_over_tls(interface_index))
+ .await
+ .map_err(Error::AsyncTaskError)?
+ }
+
pub async fn set_domains(
&self,
interface_index: u32,
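Review bot: `disable_dot` is a new public method on `AsyncHandle` with no doc comment, and its contract is not obvious from the name. It returns `Ok(())` both when DNS-over-TLS was turned off and when systemd-resolved reported `UnknownMethod`, which is how `link_disable_dns_over_tls` in the earlier hunk of this file handles that reply. Something like `/// Turns off DNS-over-TLS for the given link. Also returns Ok(()) when systemd-resolved does not implement the method.` would stop callers from reading `Ok` as proof that the setting was changed. Spelling the name out as `disable_dns_over_tls` would also match the private helper it wraps.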