From: Willem Toorop Date: Tue, 14 Apr 2020 06:52:51 +0000 (+0200) Subject: pad-queries default yes X-Git-Tag: release-1.13.1rc1~10^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c8a91c2f9de8a4bfde7ef0567c317ff1301b382;p=thirdparty%2Funbound.git pad-queries default yes --- diff --git a/doc/example.conf.in b/doc/example.conf.in index ff68db014..ac282950f 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -771,7 +771,7 @@ server: # tls-win-cert: no # Pad queries over TLS upstreams - # pad-queries: no + # pad-queries: yes # Padded queries will be padded to the closest multiple of this size. # pad-queries-block-size: 128 diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 12c2b20f6..107ccb938 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -560,7 +560,7 @@ Default is 468. .B pad\-queries: \fI If enabled, all queries sent over TLS upstreams will be padded to the closest multiple of the size specified in \fBpad\-queries\-block\-size\fR. -Default is no. +Default is yes. .TP .B pad\-queries\-block\-size: \fI The block size with which to pad queries sent over TLS upstreams. diff --git a/util/config_file.c b/util/config_file.c index 7f7f2dc22..1071f9a7b 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -324,7 +324,7 @@ config_create(void) cfg->dnscrypt_nonce_cache_slabs = 4; cfg->pad_responses = 1; cfg->pad_responses_block_size = 468; /* from RFC8467 */ - cfg->pad_queries = 0; + cfg->pad_queries = 1; cfg->pad_queries_block_size = 128; /* from RFC8467 */ #ifdef USE_IPSECMOD cfg->ipsecmod_enabled = 1; diff --git a/util/data/msgencode.c b/util/data/msgencode.c index debb9eed1..49e48954b 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -843,8 +843,7 @@ attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns, /* By use of calc_edns_field_size, calling functions should * have made sure that there is enough space for at least a - * zero sized padding option, but it cannot harm to leave it - * out if there isn't. + * zero sized padding option. */ log_assert(pad_pos + 4 <= msg_sz);