Add a answer-cookie named config option

(cherry picked from commit 29305073575459a66f0a93b9becc4863fd1c0c6b)

diff --git a/bin/named/config.c b/bin/named/config.c
index ad310307d37764930ff9cc2d89a330846c81d330..059526802740fb8eb5e5a4d99ad1dcaee2d116c7 100644 (file)
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -47,7 +47,7 @@
 /*% default configuration */
 static char defaultconf[] = "\
 options {\n\
-#      answer-cookie <obsolete>;\n\
+       answer-cookie true;\n\
        automatic-interface-scan yes;\n\
        bindkeys-file \"" NAMED_SYSCONFDIR "/bind.keys\";\n\
 #      blackhole {none;};\n"

diff --git a/bin/named/server.c b/bin/named/server.c
index 8644581df94e7deb1aadce3e6c2f76a7dddc39c1..20151d3563d30d186e7f93081faee145de1e2f1a 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -8791,6 +8791,11 @@ load_configuration(const char *filename, named_server_t *server,
                server->flushonshutdown = ISC_FALSE;
        }
 
+       obj = NULL;
+       result = named_config_get(maps, "answer-cookie", &obj);
+       INSIST(result == ISC_R_SUCCESS);
+       server->sctx->answercookie = cfg_obj_asboolean(obj);
+
        obj = NULL;
        result = named_config_get(maps, "cookie-algorithm", &obj);
        INSIST(result == ISC_R_SUCCESS);

diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index cbcff2d856902d847a05802fc866fb79d68faa77..4526c660a7ce2acf513710369cda1d5870821a07 100644 (file)
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1031,7 +1031,7 @@ static cfg_type_t cfg_type_fstrm_model = {
  */
 static cfg_clausedef_t
 options_clauses[] = {
-       { "answer-cookie", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
+       { "answer-cookie", &cfg_type_boolean, 0 },
        { "automatic-interface-scan", &cfg_type_boolean, 0 },
        { "avoid-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
        { "avoid-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 2dc4434c0c882c1004e36ea6819fed9e01739ee4..48e116c433966796499e0c9874803d83b6032659 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -1909,7 +1909,9 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
        /*
         * If we have already seen a cookie option skip this cookie option.
         */
-       if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
+       if ((!client->sctx->answercookie) ||
+           (client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0)
+       {
                isc_buffer_forward(buf, (unsigned int)optlen);
                return;
        }

diff --git a/lib/ns/include/ns/server.h b/lib/ns/include/ns/server.h
index bcfb69a92c5ec1c25927fa953c126e888f1105a8..1237d9c04cad0ac8be4592dd43b64c48dd78231c 100644 (file)
--- a/lib/ns/include/ns/server.h
+++ b/lib/ns/include/ns/server.h
@@ -76,6 +76,7 @@ struct ns_server {
        unsigned char           secret[32];
        ns_cookiealg_t          cookiealg;
        ns_altsecretlist_t      altsecrets;
+       isc_boolean_t           answercookie;
 
        /*% Quotas */
        isc_quota_t             recursionquota;

diff --git a/lib/ns/server.c b/lib/ns/server.c
index 01965aef649929c2e30d04fcf3e3d4bb304e81e0..707d850ed21a1f3accf0893d8d2a50a0e729bd7f 100644 (file)
--- a/lib/ns/server.c
+++ b/lib/ns/server.c
@@ -103,6 +103,7 @@ ns_server_create(isc_mem_t *mctx, ns_matchview_t matchingview,
        sctx->gethostname = NULL;
 
        sctx->matchingview = matchingview;
+       sctx->answercookie = ISC_TRUE;
 
        ISC_LIST_INIT(sctx->altsecrets);