From: Otto Moerbeek
Date: Tue, 6 Sep 2022 14:02:25 +0000 (+0200)
Subject: Docs and setting (edns-padding-out, defaults to "yes").
X-Git-Tag: rec-4.8.0-alpha1~33^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fcf47f49f20c7d2363fdc7e7ad3f6ca2f8fb930c;p=thirdparty%2Fpdns.git
Docs and setting (edns-padding-out, defaults to "yes").
---
diff --git a/pdns/lwres.cc b/pdns/lwres.cc
index 4cef99eb60..7cc80f4e59 100644
--- a/pdns/lwres.cc
+++ b/pdns/lwres.cc
@@ -57,6 +57,7 @@ thread_local TCPOutConnectionManager t_tcp_manager;
 std::shared_ptr g_slogout;
+bool g_paddingOutgoing;
 void remoteLoggerQueueData(RemoteLoggerInterface& r, const std::string& data)
 {
@@ -423,7 +424,7 @@ static LWResult::Result asyncresolve(const ComboAddress& ip, const DNSName& doma
 weWantEDNSSubnet=true;
 }
-if (dnsOverTLS /* and other conditions? */) {
+if (dnsOverTLS && g_paddingOutgoing) {
 addPadding(pw, bufsize, opts);
 }
diff --git a/pdns/lwres.hh b/pdns/lwres.hh
index 97e8d01598..38a8817a1e 100644
--- a/pdns/lwres.hh
+++ b/pdns/lwres.hh
@@ -50,6 +50,7 @@ void remoteLoggerQueueData(RemoteLoggerInterface&, const std::string&);
 extern std::shared_ptr g_slogout;
+extern bool g_paddingOutgoing;
 class LWResException : public PDNSException
 {
diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index 529d0b4d82..bd8374cfb9 100644
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
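Review bot: `bool g_paddingOutgoing;` in the first lwres.cc hunk carries no initializer, so the global is zero-initialized to false until serviceMain() assigns it from `edns-padding-out`, while the setting's documented default is "yes"; any code path that reaches asyncresolve() without that assignment (presumably test binaries linking lwres.cc) would silently send unpadded DoT queries. Initializing it to the setting's default keeps the in-code and documented defaults aligned: `bool g_paddingOutgoing = true; // edns-padding-out, assigned from the setting in serviceMain()`. The matching `extern bool g_paddingOutgoing;` in the lwres.hh hunk would benefit from the same one-line comment naming the setting that drives it.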
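Review bot: The new condition `if (dnsOverTLS && g_paddingOutgoing)` in the second lwres.cc hunk drops the `/* and other conditions? */` placeholder without recording why padding is tied to the DoT transport, which is the security-relevant part of the check and the first thing a future reader will question. A why-comment on that line would settle it: `// Pad only over DoT: padding a plaintext UDP/TCP query adds bytes but hides nothing (RFC 7830/8467 recommend padding only on encrypted transports)`. asyncresolve() starts before and continues after this hunk, so whether bufsize already accounts for the padding bytes added by addPadding() cannot be confirmed from here.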
@@ -703,6 +703,17 @@ List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP
 Whether to add EDNS padding to all responses (``always``) or only to responses for queries containing the EDNS padding option (``padded-queries-only``, the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources.
+.. _setting-edns-padding-out:
+
+``edns-padding-out``
+--------------------
+.. versionadded:: 4.8.0
+
+- Boolean
+- Default: yes
+
+Whether to add EDNS padding to outgoing DoT queries.
+
 .. _setting-edns-padding-tag:
 ``edns-padding-tag``
diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc
index 595903de26..2401ae7dbf 100644
--- a/pdns/recursordist/rec-main.cc
+++ b/pdns/recursordist/rec-main.cc
@@ -1636,6 +1636,7 @@ static int serviceMain(int argc, char* argv[], Logr::log_t log)
 exit(1);
 }
 g_paddingTag = ::arg().asNum("edns-padding-tag");
+g_paddingOutgoing = ::arg().mustDo("edns-padding-out");
 RecThreadInfo::setNumDistributorThreads(::arg().asNum("distributor-threads"));
 RecThreadInfo::setNumWorkerThreads(::arg().asNum("threads"));
@@ -2792,6 +2793,7 @@ int main(int argc, char** argv)
 ::arg().set("edns-padding-from", "List of netmasks (proxy IP in case of XPF or proxy-protocol presence, client IP otherwise) for which EDNS padding will be enabled in responses, provided that 'edns-padding-mode' applies") = "";
 ::arg().set("edns-padding-mode", "Whether to add EDNS padding to all responses ('always') or only to responses for queries containing the EDNS padding option ('padded-queries-only', the default). In both modes, padding will only be added to responses for queries coming from `edns-padding-from`_ sources") = "padded-queries-only";
 ::arg().set("edns-padding-tag", "Packetcache tag associated to responses sent with EDNS padding, to prevent sending these to clients for which padding is not enabled.") = "7830";
+::arg().setSwitch("edns-padding-out", "Whether to add EDNS padding to outgoing DoT messages") = "yes";
 ::arg().setSwitch("dot-to-port-853", "Force DoT connection to target port 853 if DoT compiled in") = "yes";
 ::arg().set("dot-to-auth-names", "Use DoT to authoritative servers with these names or suffixes") = "";
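Review bot: The help text registered by the added `::arg().setSwitch("edns-padding-out", ...)` line says "outgoing DoT messages" while the settings.rst entry added in the same commit says "outgoing DoT queries"; the two strings describe the same switch and should use the same wording, and "queries" matches what asyncresolve() in the lwres.cc hunk actually pads. Aligning them is a one-line change: `::arg().setSwitch("edns-padding-out", "Whether to add EDNS padding to outgoing DoT queries") = "yes";`. Since the lwres.cc condition is `dnsOverTLS && g_paddingOutgoing`, it would also help operators if the help text stated that plaintext UDP/TCP upstream queries are never padded regardless of this switch, so that "outgoing" is not read as covering every transport. main() starts outside this hunk.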