From: Remi Gacogne
Date: Fri, 19 Apr 2019 14:13:53 +0000 (+0200)
Subject: dnsdist: Add an option to set the Server: HTTP header with DoH
X-Git-Tag: dnsdist-1.4.0-alpha2~6^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d0371b3cc711e7a9135b73e571a508d415141b5;p=thirdparty%2Fpdns.git

dnsdist: Add an option to set the Server: HTTP header with DoH
---

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 7a3457d1c5..71421a1862 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1699,6 +1699,9 @@ void setupLuaConfig(bool client)
 if (vars->count("ciphersTLS13")) {
 frontend->d_ciphers13 = boost::get((*vars)["ciphersTLS13"]);
 }
+ if (vars->count("serverTokens")) {
+ frontend->d_serverTokens = boost::get((*vars)["serverTokens"]);
+ }
 }
 g_dohlocals.push_back(frontend);
 auto cs = std::unique_ptr(new ClientState(frontend->d_local, true, reusePort, tcpFastOpenQueueSize, interface, cpus));
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index a0aed92e1c..b51b01ba9e 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -122,6 +122,7 @@ Listen Sockets
 * ``idleTimeout=30``: int - Set the idle timeout, in seconds.
 * ``ciphers``: str - The TLS ciphers to use, in OpenSSL format. Ciphers for TLS 1.3 must be specified via ``ciphersTLS13``.
 * ``ciphersTLS13``: str - The TLS ciphers to use for TLS 1.3, in OpenSSL format.
+ * ``serverTokens``: str - The content of the Server: HTTP header returned by dnsdist. The default is "h2o/dnsdist".
 
 .. function:: addTLSLocal(address, certFile(s), keyFile(s) [, options])
 
diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index bb84b9b7a2..4b5ca90603 100644
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
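Review bot: The serverTokens value is stored in `frontend->d_serverTokens` without any content check, and doh.cc later emits it verbatim as the Server: response header, so a configured string containing CR or LF would break the response header framing. The value comes from the operator's configuration rather than from clients, so the exposure is limited, but rejecting control characters at load time turns a silent misconfiguration into an explicit error: `if (frontend->d_serverTokens.find_first_of("\r\n") != std::string::npos) { throw std::runtime_error("serverTokens must not contain CR or LF"); }` placed right after the assignment. The enclosing setupLuaConfig function starts and ends outside this hunk.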
@@ -321,6 +321,9 @@ try
 h2o_socket_getpeername(sock, reinterpret_cast(&remote));
 DOHServerConfig* dsc = reinterpret_cast(req->conn->ctx->storage.entries[0].data);
 
+ /* looks like we can't delete the Server: header with most versions of h2o */
+ h2o_set_header(&req->pool, &req->res.headers, H2O_TOKEN_SERVER, dsc->df->d_serverTokens.c_str(), dsc->df->d_serverTokens.size(), 1);
+
 if(auto tlsversion = h2o_socket_get_ssl_protocol_version(sock)) {
 if(!strcmp(tlsversion, "TLSv1.0"))
 ++dsc->df->d_tls10queries;
diff --git a/pdns/doh.hh b/pdns/doh.hh
index d128e4ede8..2fa36fa8e3 100644
--- a/pdns/doh.hh
+++ b/pdns/doh.hh
@@ -9,6 +9,7 @@ struct DOHFrontend
 std::vector> d_certKeyPairs;
 std::string d_ciphers;
 std::string d_ciphers13;
+ std::string d_serverTokens{"h2o/dnsdist"};
 ComboAddress d_local;
 uint32_t d_idleTimeout{30}; // HTTP idle timeout in seconds
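Review bot: The comment above the added `h2o_set_header` call says why the header is overwritten instead of removed, but not what the call relies on: if h2o_set_header keeps a pointer to the value rather than copying it into `req->pool`, the response references the buffer of `dsc->df->d_serverTokens` directly, which is only safe because the DOHFrontend outlives every request and the string is not modified after startup. I would extend the comment to say so, e.g. `/* h2o may keep a pointer to the value, so d_serverTokens must stay alive and unchanged for the lifetime of the frontend */`. It is also worth noting, here or in the config documentation, that an empty serverTokens value produces a Server: header with an empty value rather than suppressing the header. The enclosing handler (the `try` block) starts and ends outside this hunk.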