dnsdist: Add an option to set the Server: HTTP header with DoH

diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 7a3457d1c503d9def4c0decca3a26503b0573620..71421a1862b447503abeab1c4287fb88842a33aa 100644 (file)
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1699,6 +1699,9 @@ void setupLuaConfig(bool client)
       if (vars->count("ciphersTLS13")) {
         frontend->d_ciphers13 = boost::get<const string>((*vars)["ciphersTLS13"]);
       }
+      if (vars->count("serverTokens")) {
+        frontend->d_serverTokens = boost::get<const string>((*vars)["serverTokens"]);
+      }
     }
     g_dohlocals.push_back(frontend);
     auto cs = std::unique_ptr<ClientState>(new ClientState(frontend->d_local, true, reusePort, tcpFastOpenQueueSize, interface, cpus));

diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index a0aed92e1cb918a12f2dd1ee231805f89799a8dc..b51b01ba9e9939119db0fe8d2ae838303c6454b2 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
@@ -122,6 +122,7 @@ Listen Sockets
   * ``idleTimeout=30``: int - Set the idle timeout, in seconds.
   * ``ciphers``: str - The TLS ciphers to use, in OpenSSL format. Ciphers for TLS 1.3 must be specified via ``ciphersTLS13``.
   * ``ciphersTLS13``: str - The TLS ciphers to use for TLS 1.3, in OpenSSL format.
+  * ``serverTokens``: str - The content of the Server: HTTP header returned by dnsdist. The default is "h2o/dnsdist".
 
 .. function:: addTLSLocal(address, certFile(s), keyFile(s) [, options])
 

diff --git a/pdns/dnsdistdist/doh.cc b/pdns/dnsdistdist/doh.cc
index bb84b9b7a2c7d2aac208c71d799d84dc5e29ae35..4b5ca9060318bd89bcd73b2267fcaea0bac20ec7 100644 (file)
--- a/pdns/dnsdistdist/doh.cc
+++ b/pdns/dnsdistdist/doh.cc
@@ -321,6 +321,9 @@ try
   h2o_socket_getpeername(sock, reinterpret_cast<struct sockaddr*>(&remote));
   DOHServerConfig* dsc = reinterpret_cast<DOHServerConfig*>(req->conn->ctx->storage.entries[0].data);
 
+  /* looks like we can't delete the Server: header with most versions of h2o */
+  h2o_set_header(&req->pool, &req->res.headers, H2O_TOKEN_SERVER, dsc->df->d_serverTokens.c_str(), dsc->df->d_serverTokens.size(), 1);
+
   if(auto tlsversion = h2o_socket_get_ssl_protocol_version(sock)) {
     if(!strcmp(tlsversion, "TLSv1.0"))
       ++dsc->df->d_tls10queries;

diff --git a/pdns/doh.hh b/pdns/doh.hh
index d128e4ede88b38255a487c6782315909eaeaa9c6..2fa36fa8e32f3c49363d202baef2304e774e7c1e 100644 (file)
--- a/pdns/doh.hh
+++ b/pdns/doh.hh
@@ -9,6 +9,7 @@ struct DOHFrontend
   std::vector<std::pair<std::string, std::string>> d_certKeyPairs;
   std::string d_ciphers;
   std::string d_ciphers13;
+  std::string d_serverTokens{"h2o/dnsdist"};
   ComboAddress d_local;
 
   uint32_t d_idleTimeout{30};             // HTTP idle timeout in seconds