Add config to persistently list auths not supporting cookies
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Thu, 4 Sep 2025 12:21:51 +0000 (14:21 +0200)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Thu, 4 Sep 2025 13:14:28 +0000 (15:14 +0200)
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
pdns/recursordist/lwres.cc
pdns/recursordist/lwres.hh
pdns/recursordist/rec-main.cc
pdns/recursordist/rec-rust-lib/table.py

index c4f2af9602ad9063c875742d803c67ec56bbc707..c9d03f772f2cd9518bcca327f0cf872a6fb43ab2 100644 (file)
 
 static bool g_cookies = false;
 
-void enableOutgoingCookies(bool flag)
+void enableOutgoingCookies(bool flag, const string& unsupported)
 {
   g_cookies = flag;
+  if (g_cookies) {
+    std::vector<std::string> parts;
+    stringtok(parts, unsupported, ", ");
+    addCookiesUnsupported(parts.begin(), parts.end());
+  }
 }
 
 thread_local TCPOutConnectionManager t_tcp_manager;
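Review bot: The return value of `addCookiesUnsupported(parts.begin(), parts.end())` is discarded in the new `if (g_cookies)` branch, and the context of the later `addCookiesUnsupported` hunk shows an empty `catch (const PDNSException&)` body, so an `outgoing-cookies-unsupported` entry that fails to parse is apparently dropped without a trace. An operator who mistypes an address would then believe the server is exempt from cookie probing while the recursor still probes it. Since `count` appears to be incremented only for accepted entries, compare it with `parts.size()` and report a mismatch at startup, e.g. `if (addCookiesUnsupported(parts.begin(), parts.end()) != parts.size()) { /* log: some outgoing-cookies-unsupported entries were rejected */ }`. Most of the body of `addCookiesUnsupported` lies outside the hunks, so confirm how `count` is maintained before relying on it.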
@@ -85,7 +90,7 @@ uint64_t addCookiesUnsupported(vector<string>::iterator begin, vector<string>::i
       }
       ++count;
     }
-    catch (const PDNSException &) {
+    catch (const PDNSException&) {
       ;
     }
     ++begin;
@@ -109,7 +114,7 @@ uint64_t clearCookies(vector<string>::iterator begin, vector<string>::iterator e
       try {
         count += lock->erase(ComboAddress(*begin, 53));
       }
-      catch (const PDNSException &) {
+      catch (const PDNSException&) {
         ;
       }
       ++begin;
index 544f34f40bdb6b56a7d16602a6570d5f88715eed..89cc45f19c4688db4d4662809793e6b09ffab959 100644 (file)
@@ -103,4 +103,4 @@ uint64_t dumpCookies(int fileDesc);
 uint64_t clearCookies(vector<string>::iterator begin, vector<string>::iterator end);
 uint64_t addCookiesUnsupported(vector<string>::iterator begin, vector<string>::iterator end);
 void pruneCookies(time_t cutoff);
-void enableOutgoingCookies(bool flag);
+void enableOutgoingCookies(bool flag, const std::string& unsupported);
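Review bot: The new `unsupported` parameter has no comment on the declaration, and its contract is not obvious from the signature: the definition in lwres.cc splits it on `", "` and ignores it entirely when `flag` is false. I would add `// unsupported: comma/space separated server addresses pre-marked as not supporting cookies; only applied when flag is true` above the declaration. The comment should also state whether entries loaded this way survive `pruneCookies()` and `clearCookies()`, both declared just above. The commit title promises a persistent list, but nothing visible in this diff shows that these entries are exempt from either.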
index 01b6c4f6c9f34eef74c8aac5abdb625e5ff893b7..f638e0f25f54d0d748e20712677b16c3b17b7777 100644 (file)
@@ -2203,7 +2203,7 @@ static int serviceMain(Logr::log_t log)
   g_paddingOutgoing = ::arg().mustDo("edns-padding-out");
   g_ECSHardening = ::arg().mustDo("edns-subnet-harden");
 
-  enableOutgoingCookies(::arg().mustDo("outgoing-cookies"));
+  enableOutgoingCookies(::arg().mustDo("outgoing-cookies"), ::arg()["outgoing-cookies-unsupported"]);
 
   RecThreadInfo::setNumDistributorThreads(::arg().asNum("distributor-threads"));
   RecThreadInfo::setNumUDPWorkerThreads(::arg().asNum("threads"));
index 5beed59d8aa27b519a25880da215e0dd83534a4d..559c1d4a602bf6576b07fc7416966d96a31b5253 100644 (file)
@@ -3627,6 +3627,18 @@ Sequence of ForwardingCatalogZone. This setting cannot be combined with :ref:`se
         'help': 'Enable DNS cookies when contacting authoritative servers or forwarders',
         'doc': '''
 Enable DNS cookies (:rfc:`7873`, :rfc:`9018`) when contacting authoritative servers or forwarders.
+''',
+        'versionadded': '5.3.0',
+    },
+    {
+        'name' : 'cookies_unsupported',
+        'section' : 'outgoing',
+        'oldname': 'outgoing-cookies-unsupported',
+        'type': LType.ListStrings,
+        'default': '',
+        'help': 'Addresses of authoritative servers that do not support cookies',
+        'doc': '''
+Addresses of servers that do not properly support DNS cookies (:rfc:`7873`, :rfc:`9018`). Recursor wil not even try to probe these servers for cookie support.
 ''',
         'versionadded': '5.3.0',
     },
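Review bot: The `doc` text of the new `cookies_unsupported` entry has a typo (`wil` should be `will`) and omits what an operator needs to use the setting safely. Per lwres.cc in this same commit, the list is only applied when `outgoing-cookies` is enabled, and entries that do not parse as an address appear to be skipped silently; the text should say both. It should also name the accepted format (an IP address, presumably without a port; confirm against `addCookiesUnsupported`). A possible wording is `Recursor will not probe these servers for cookie support. This list is only used when outgoing cookies are enabled.`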