# tls-win-cert: no
# Pad queries over TLS upstreams
- # pad-queries: no
+ # pad-queries: yes
# Padded queries will be padded to the closest multiple of this size.
# pad-queries-block-size: 128
.B pad\-queries: \fI<yes or no>
If enabled, all queries sent over TLS upstreams will be padded to the closest
multiple of the size specified in \fBpad\-queries\-block\-size\fR.
-Default is no.
+Default is yes.
.TP
.B pad\-queries\-block\-size: \fI<number>
The block size with which to pad queries sent over TLS upstreams.
cfg->dnscrypt_nonce_cache_slabs = 4;
cfg->pad_responses = 1;
cfg->pad_responses_block_size = 468; /* from RFC8467 */
- cfg->pad_queries = 0;
+ cfg->pad_queries = 1;
cfg->pad_queries_block_size = 128; /* from RFC8467 */
#ifdef USE_IPSECMOD
cfg->ipsecmod_enabled = 1;
/* By use of calc_edns_field_size, calling functions should
* have made sure that there is enough space for at least a
- * zero sized padding option, but it cannot harm to leave it
- * out if there isn't.
+ * zero sized padding option.
*/
log_assert(pad_pos + 4 <= msg_sz);
projects / thirdparty / unbound.git / commitdiff
