From: Otto Moerbeek Date: Tue, 23 Mar 2021 14:43:01 +0000 (+0100) Subject: Merge pull request #8918 from rgacogne/rec-edns-padding-plus-tests X-Git-Tag: rec-4.5.0-beta1~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=418e9574d4297cef22980f719a70f02407729e7c;p=thirdparty%2Fpdns.git Merge pull request #8918 from rgacogne/rec-edns-padding-plus-tests rec: Implement EDNS0 padding (rfc7830) for outgoing responses --- 418e9574d4297cef22980f719a70f02407729e7c diff --cc pdns/pdns_recursor.cc index d4e27295e1,33e7c607e0..d293c73d30 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@@ -5529,8 -5600,12 +5601,12 @@@ int main(int argc, char **argv ::arg().setSwitch("extended-resolution-errors", "If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors")="no"; - ::arg().setSwitch("aggressive-nsec-cache-size", "The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198")="100000"; + ::arg().setSwitch("aggressive-nsec-cache-size", "The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198")="100000"; + ::arg().set("edns-padding-from", "List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies")=""; + ::arg().set("edns-padding-mode", "Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources")="padded-queries-only"; + ::arg().set("edns-padding-tag", "Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to non-whitelisted clients.")="7830"; + ::arg().setCmd("help","Provide a helpful message"); ::arg().setCmd("version","Print version string"); ::arg().setCmd("config","Output blank configuration");