From a0a95fb99790c4074d48cf8820823310ddea7840 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 10 Aug 2023 09:34:19 +0200
Subject: [PATCH 1/2] Make nsupdate honor -v for SOA queries

nsupdate offers the switch -v to use TCP for update requests. But
before sending that update request nsupdate was using UDP connection
to gather the SOA for determining the zone if not given explicitly.

Only use TCP if not using the default servers, because the SOA
query lookup is a different server with different capabilities (and
usually not for the better of it).
---
 bin/nsupdate/nsupdate.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 1f06dab614..ae759be607 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -2594,6 +2594,8 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
 	result = dns_request_getresponse(request, rcvmsg,
 					 DNS_MESSAGEPARSE_PRESERVEORDER);
 	if (result == DNS_R_TSIGERRORSET && servers != NULL) {
+		unsigned int options = 0;
+
 		dns_message_detach(&rcvmsg);
 		ddebug("Destroying request [%p]", request);
 		dns_request_destroy(&request);
@@ -2603,6 +2605,10 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
 		dns_message_renderreset(soaquery);
 		ddebug("retrying soa request without TSIG");
 
+		if (!default_servers && usevc) {
+			options |= DNS_REQUESTOPT_TCP;
+		}
+
 		if (isc_sockaddr_pf(addr) == AF_INET6) {
 			srcaddr = localaddr6;
 		} else {
@@ -2610,7 +2616,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
 		}
 
 		result = dns_request_create(requestmgr, soaquery, srcaddr, addr,
-					    0, NULL, timeout, udp_timeout,
+					    options, NULL, timeout, udp_timeout,
 					    udp_retries, global_task, recvsoa,
 					    reqinfo, &request);
 		check_result(result, "dns_request_create");
@@ -2825,6 +2831,11 @@ sendrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
 	isc_result_t result;
 	nsu_requestinfo_t *reqinfo;
 	isc_sockaddr_t *srcaddr;
+	unsigned int options = 0;
+
+	if (!default_servers && usevc) {
+		options |= DNS_REQUESTOPT_TCP;
+	}
 
 	reqinfo = isc_mem_get(gmctx, sizeof(nsu_requestinfo_t));
 	reqinfo->msg = msg;
@@ -2836,7 +2847,7 @@ sendrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
 		srcaddr = localaddr4;
 	}
 
-	result = dns_request_create(requestmgr, msg, srcaddr, destaddr, 0,
+	result = dns_request_create(requestmgr, msg, srcaddr, destaddr, options,
 				    default_servers ? NULL : tsigkey, timeout,
 				    udp_timeout, udp_retries, global_task,
 				    recvsoa, reqinfo, request);

From 97c70e6b4e162aed38e3977e2f8896b3c3a0a6ff Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 10 Aug 2023 09:40:14 +0200
Subject: [PATCH 2/2] Add release note and CHANGES for #1181

---
 CHANGES                     | 3 +++
 doc/notes/notes-current.rst | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/CHANGES b/CHANGES
index f17012f56b..bc76b1cf6d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6231.	[func]		Make nsupdate honor -v for SOA requests if the server
+			is specified. [GL #1181]
+
 6230.	[bug]		Prevent an unnecessary query restart if a synthesized
 			CNAME target points to the CNAME owner. [GL #3835]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index e8e2cabdfb..79dcce4a0b 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -32,6 +32,9 @@ Feature Changes
 
 - None.
 
+- Make :iscman:`nsupdate` honor the ``-v`` option. If set, and the server is
+  specified, SOA queries are now send over TCP as well. :gl:`#1181`
+
 Bug Fixes
 ~~~~~~~~~