From: TCY16 Date: Fri, 1 Jul 2022 13:39:13 +0000 (+0200) Subject: fix test and add mapage entry X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d3823f3b3dce87429f2f3ff90dc9f2940d96ae7;p=thirdparty%2Funbound.git fix test and add mapage entry --- diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index e36450bf3..a27a8e779 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -503,6 +503,15 @@ Enable udp upstream even if do-udp is no. Default is no, and this does not change anything. Useful for TLS service providers, that want no udp downstream but use udp to fetch data upstream. .TP +.B upstream-cookies: \fI +Enable EDNS cookies from upstream connections. DNS Cookies, as specified in +RFC 7873 and 9018 provide a limited-protection transaction security mechanism. +Once a cookie has been exchanged, the resolver and upstream are known to each +other and requests to the upstream can be exempted from rate limiting, for +example. Note that RFC9018 specifies that cookies should not be reused for +multiple outgoing interfaces, which is not supported at this time. The default +is no. +.TP .B tls\-upstream: \fI Enabled or disable whether the upstream queries use TLS only for transport. Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 0219e6f94..af23c9dc2 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -1894,9 +1894,8 @@ adjust_packet(struct entry* match, uint8_t** answer_pkt, size_t *answer_len, reslen = origlen + 28; } else if (sldns_read_uint16(walk_query+2) == 24) { - /* update the RDLEN and OPTLEN */ + /* update the RDLEN */ sldns_write_uint16(rdlen_ptr_response, 28); - sldns_write_uint16(walk_response+2, 24); /* we fake verification of the cookie and send * it back like it's still valid. We renew the cookie
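Review bot: in the doc/unbound.conf.5.in hunk, the clause "which is not supported at this time" at the end of the new upstream-cookies entry is ambiguous. It can be read as "reusing a cookie across outgoing interfaces is not supported" or as "the per-interface separation RFC 9018 asks for is not supported", and these mean opposite things for an operator who configures more than one outgoing interface. Please state directly what the resolver does today and what that operator should expect. Two style points in the same entry: `.B upstream-cookies:` leaves the hyphen unescaped while the neighbouring `.B tls\-upstream:` uses `\-`, and the text writes both "RFC 7873 and 9018" and "RFC9018", so pick one spacing.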
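Review bot: in the testcode/testpkts.c hunk, the `== 24` branch of adjust_packet still writes 28 to rdlen_ptr_response but no longer writes the option length at walk_response+2, and neither the shortened comment nor the commit message ("fix test") says why that write was wrong or where the field gets its value now. If the option length in the response is already correct at this point, say so in the comment next to the RDLEN write; otherwise the RDLEN and the option length it covers can disagree in the test reply. The bare literals 24 and 28 recur across these lines (`reslen = origlen + 28;`, `== 24`, the RDLEN write), so named constants would make the relation between them checkable at a glance.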