From: Remi Gacogne
Date: Mon, 1 Sep 2025 16:29:57 +0000 (+0200)
Subject: dnsdist: Skip EDNS padding content by default in the packet cache
X-Git-Tag: rec-5.4.0-alpha1~247^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a537d35538d047234f0b2c5f91e96b6a37065626;p=thirdparty%2Fpdns.git
dnsdist: Skip EDNS padding content by default in the packet cache
Signed-off-by: Remi Gacogne
---
diff --git a/pdns/dnsdistdist/dnsdist-cache.hh b/pdns/dnsdistdist/dnsdist-cache.hh
index 64e19883c3..8efc1701c5 100644
--- a/pdns/dnsdistdist/dnsdist-cache.hh
+++ b/pdns/dnsdistdist/dnsdist-cache.hh
@@ -37,7 +37,7 @@ class DNSDistPacketCache : boost::noncopyable
 public:
 struct CacheSettings
 {
- std::unordered_set d_optionsToSkip{EDNSOptionCode::COOKIE};
+ std::unordered_set d_optionsToSkip{EDNSOptionCode::COOKIE, EDNSOptionCode::PADDING};
 std::vector d_payloadRanks{};
 size_t d_maxEntries{0};
 size_t d_maximumEntrySize{4096};
diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
index b124b85c2e..94e3a0a0c4 100644
--- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
+++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
@@ -1158,8 +1158,12 @@ bool loadConfigurationFromFile(const std::string& fileName, [[maybe_unused]] boo
 .d_keepStaleData = cache.keep_stale_data,
 };
 std::unordered_set ranks;
- for (const auto& option : cache.options_to_skip) {
- settings.d_optionsToSkip.insert(pdns::checked_stoi(std::string(option)));
+ if (!cache.options_to_skip.empty()) {
+ settings.d_optionsToSkip.clear();
+ settings.d_optionsToSkip.insert(EDNSOptionCode::COOKIE);
+ for (const auto& option : cache.options_to_skip) {
+ settings.d_optionsToSkip.insert(pdns::checked_stoi(std::string(option)));
+ }
 }
 if (cache.cookie_hashing) {
 settings.d_optionsToSkip.erase(EDNSOptionCode::COOKIE);
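Review bot: The widened default on `d_optionsToSkip` is the only place a reader learns which EDNS options are left out of the cache key, and the member carries no comment saying why PADDING now joins COOKIE. A one-line comment above the member would do, e.g. `// EDNS option codes whose payload is ignored when hashing a query; COOKIE and PADDING (RFC 7830) differ between otherwise identical queries and would fragment the cache.` The "differs between queries" rationale is my reading of the commit title rather than something this hunk shows, so adjust the wording if the hash treats the option header differently from its payload. The CacheSettings struct continues outside the hunk.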
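Review bot: A user-supplied `options_to_skip` now replaces the built-in set rather than extending it, because the new block clears `settings.d_optionsToSkip` and re-adds only COOKIE, so an operator who lists one extra code silently loses the PADDING skip this commit introduces while the description in the `dnsdist-settings-definitions.yml` hunk still calls the setting an "Extra list". The same replace semantics appear in the `dnsdist-lua-bindings-packetcache.cc` hunk, whose docs likewise say "Extra list". If replacement is intended so that operators can opt back out of skipping padding, say so in the setting description, e.g. `List of EDNS option codes to skip when hashing the packet; setting it replaces the default (10, 12), and the EDNS cookie option (10) is always kept unless cookie_hashing is true`; otherwise re-insert `EDNSOptionCode::PADDING` alongside COOKIE in both places. loadConfigurationFromFile continues outside the hunk.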
diff --git a/pdns/dnsdistdist/dnsdist-lua-bindings-packetcache.cc b/pdns/dnsdistdist/dnsdist-lua-bindings-packetcache.cc
index 6441128f72..9e08e3794f 100644
--- a/pdns/dnsdistdist/dnsdist-lua-bindings-packetcache.cc
+++ b/pdns/dnsdistdist/dnsdist-lua-bindings-packetcache.cc
@@ -62,6 +62,8 @@ void setupLuaBindingsPacketCache(LuaContext& luaCtx, bool client)
 }
 if (getOptionalValue(vars, "skipOptions", skipOptions) > 0) {
+ settings.d_optionsToSkip.clear();
+ settings.d_optionsToSkip.insert(EDNSOptionCode::COOKIE);
 for (const auto& option : skipOptions) {
 settings.d_optionsToSkip.insert(option.second);
 }
diff --git a/pdns/dnsdistdist/dnsdist-settings-definitions.yml b/pdns/dnsdistdist/dnsdist-settings-definitions.yml
index 879386af0a..556623387d 100644
--- a/pdns/dnsdistdist/dnsdist-settings-definitions.yml
+++ b/pdns/dnsdistdist/dnsdist-settings-definitions.yml
@@ -1952,8 +1952,8 @@ packet_cache:
 description: "The maximum size, in bytes, of a DNS packet that can be inserted into the packet cache"
 - name: "options_to_skip"
 type: "Vec"
- default: ""
- description: "Extra list of EDNS option codes to skip when hashing the packet (if ``cookie_hashing`` above is false, EDNS cookie option number will be added to this list internally)"
+ default: "10, 12"
+ description: "Extra list of EDNS option codes to skip when hashing the packet (if ``cookie_hashing`` above is true, EDNS cookie option number (10) will be removed from this list internally)"
 - name: "payload_ranks"
 type: "Vec"
 default: "[]"
diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst
index 329e364c32..d25fc8fe95 100644
--- a/pdns/dnsdistdist/docs/reference/config.rst
+++ b/pdns/dnsdistdist/docs/reference/config.rst
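Review bot: An explicitly empty `skipOptions={}` table is treated differently here than in the YAML loader: this block clears the set and re-adds only COOKIE as soon as `getOptionalValue` reports the key (assuming it returns non-zero for an empty table, which the hunk does not show), so PADDING is dropped, whereas the YAML path keeps the CacheSettings defaults when `options_to_skip` is empty. Both front-ends should agree on what an empty list means; the smallest change is to mirror the YAML guard, `if (getOptionalValue(vars, "skipOptions", skipOptions) > 0 && !skipOptions.empty()) {`, or else to document in the `skipOptions` entry that an empty table resets the set to cookie-only. setupLuaBindingsPacketCache continues outside the hunk.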
@@ -1053,6 +1053,9 @@ See :doc:`../guides/cache` for a how to.
 .. versionchanged:: 2.0.0
 ``payloadRanks`` parameter added.
+ .. versionchanged:: 2.0.1
+ ``skipOptions`` now includes 12 (PADDING) by default.
+
 Creates a new :class:`PacketCache` with the settings specified.
 :param int maxEntries: The maximum number of entries in this cache
@@ -1071,7 +1074,7 @@ See :doc:`../guides/cache` for a how to.
 * ``temporaryFailureTTL=60``: int - On a SERVFAIL or REFUSED from the backend, cache for this amount of seconds.
 * ``truncatedTTL=0``: int - On a truncated (TC=1, no records) response from the backend, cache for this amount of seconds. 0, the default, means that truncated answers are not cached.
 * ``cookieHashing=false``: bool - If true, EDNS Cookie values will be hashed, resulting in separate entries for different cookies in the packet cache. This is required if the backend is sending answers with EDNS Cookies; otherwise, a client might receive an answer with the wrong cookie.
- * ``skipOptions={}``: Extra list of EDNS option codes to skip when hashing the packet (if ``cookieHashing`` above is false, EDNS cookie option number will be added to this list internally).
+ * ``skipOptions={12}``: Extra list of EDNS option codes to skip when hashing the packet (if ``cookieHashing`` above is false, EDNS cookie option number will be added to this list internally).
 * ``maximumEntrySize=4096``: int - The maximum size, in bytes, of a DNS packet that can be inserted into the packet cache. Default is 4096 bytes, which was the fixed size before 1.9.0, and is also a hard limit for UDP responses.
 * ``payloadRanks={}``: List of payload size used when hashing the packet. The list will be sorted in ascending order and searched to find a lower bound value for the payload size in the packet. If found then it will be used for packet hashing. Values less than 512 or greater than ``maximumEntrySize`` above will be discarded. This option is to enable cache entry sharing between clients using different payload sizes when needed.