]> git.ipfire.org Git - thirdparty/pdns.git/commit
projects / thirdparty / pdns.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a02d0fa) | patch
auth: Implement RFC 7872 and 9018 (COOKIES)
authorPieter Lexis <pieter.lexis@powerdns.com>
Mon, 12 Apr 2021 10:58:56 +0000 (12:58 +0200)
committerPieter Lexis <pieter.lexis@powerdns.com>
Mon, 20 Sep 2021 08:54:13 +0000 (10:54 +0200)
commit37063755dd0973cb75396f0bf629e9d68b54b6f3
tree4602ee60477a71403c08566a0dc9b61c92a97991tree
parenta02d0fa6328b2fa06e99dba7db3ad65174b93c2fcommit | diff
auth: Implement RFC 7872 and 9018 (COOKIES)

This implements the siphash-based interoperable DNS COOKIES defined in
RFC 9018 for the authoritative server. The EDNSCookieOpt struct has been
expanded to accomodate this and can now has constructors and functions
to check and generate a server cookie.

Cookies will only be sent out if the client sent a cookie and the
edns-cookie-secret setting is configures. The auth will respond with
EDNS+FORMERR when the client cookie is malformed, BADCOOKIE when the
client sent a server cookie we can't decode or is invalid and a normal
response with a cookie (either new or sent by the client) when the
cookie can be validated.
19 files changed:
.github/actions/spell-check/expect.txt diff | blob | blame | history
.not-formatted diff | blob | blame | history
docs/settings.rst diff | blob | blame | history
modules/remotebackend/Makefile.am diff | blob | blame | history
pdns/Makefile.am diff | blob | blame | history
pdns/common_startup.cc diff | blob | blame | history
pdns/dnspacket.cc diff | blob | blame | history
pdns/dnspacket.hh diff | blob | blame | history
pdns/ednscookies.cc diff | blob | blame | history
pdns/ednscookies.hh diff | blob | blame | history
pdns/packethandler.cc diff | blob | blame | history
pdns/recursordist/test-ednsoptions_cc.cc diff | blob | blame | history
pdns/test-dnsdist_cc.cc diff | blob | blame | history
pdns/test-ednscookie_cc.cc [new file with mode: 0644] blob
pdns/test-packetcache_hh.cc diff | blob | blame | history
regression-tests.auth-py/authtests.py diff | blob | blame | history
regression-tests.auth-py/cookiesoption.py [new symlink] blob
regression-tests.auth-py/test_Cookies.py [new file with mode: 0644] blob
regression-tests.dnsdist/cookiesoption.py diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.