From: Otto Moerbeek Date: Mon, 26 Sep 2022 14:22:08 +0000 (+0200) Subject: Merge pull request #11856 from omoerbeek/rec-no-more-xpf X-Git-Tag: rec-4.9.0-alpha0~34 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9240ebbd99ea201ff6bb09119caa8fbdf4b7444;p=thirdparty%2Fpdns.git Merge pull request #11856 from omoerbeek/rec-no-more-xpf rec: Remove XPF support --- b9240ebbd99ea201ff6bb09119caa8fbdf4b7444 diff --cc pdns/recursordist/docs/settings.rst index 3c1819df58,f119a4dbe7..8e6ff17a56 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@@ -2476,8 -2411,10 +2476,11 @@@ If a PID file should be written to `soc ``xpf-allow-from`` ------------------ .. versionadded:: 4.2.0 +.. deprecated:: 4.7.0 + .. versionchanged:: 4.8.0 + This setting was removed. + - IP addresses or netmasks, separated by commas - Default: empty @@@ -2496,8 -2433,10 +2499,11 @@@ should be done on the proxy ``xpf-rr-code`` --------------- .. versionadded:: 4.2.0 +.. deprecated:: 4.7.0 + .. versionchanged:: 4.8.0 + This setting was removed. + - Integer - Default: 0 diff --cc pdns/recursordist/rec-main.cc index 8e47007b1c,a879977c3e..bcbbdcea0a --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@@ -2816,10 -2762,9 +2809,10 @@@ int main(int argc, char** argv ::arg().set("aggressive-nsec-cache-size", "The number of records to cache in the aggressive cache. If set to a value greater than 0, and DNSSEC processing or validation is enabled, the recursor will cache NSEC and NSEC3 records to generate negative answers, as defined in rfc8198") = "100000"; - ::arg().set("edns-padding-from", "List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies") = ""; + ::arg().set("edns-padding-from", "List of netmasks (proxy IP in case of proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies") = ""; ::arg().set("edns-padding-mode", "Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources") = "padded-queries-only"; ::arg().set("edns-padding-tag", "Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled.") = "7830"; + ::arg().setSwitch("edns-padding-out", "Whether to add EDNS padding to outgoing DoT messages") = "yes"; ::arg().setSwitch("dot-to-port-853", "Force DoT connection to target port 853 if DoT compiled in") = "yes"; ::arg().set("dot-to-auth-names", "Use DoT to authoritative servers with these names or suffixes") = "";