nsd 4.3.7 shipped with DNS cookies on and then flipped to a default of

in 4.3.8. Since we shipped 4.3.7 in 7.0 we should not flip-flop
between on and off all the time. Keep the default to on.
Suggested by & OK sthen

diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
index 4ee4b12..9ae376f 100644 (file)
--- a/usr.sbin/nsd/nsd.conf.5.in
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -494,7 +494,7 @@ With the value 0 the rate is unlimited.
 .TP
 .B answer\-cookie:\fR <yes or no>
 Enable to answer to requests containig DNS Cookies as specified in RFC7873.
-Default is no.
+Default is yes.
 .TP
 .B cookie\-secret:\fR <128 bit hex string>
 Servers in an anycast deployment need to be able to  verify  each other's DNS

diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c
index 6411959..d8fe022 100644 (file)
--- a/usr.sbin/nsd/options.c
+++ b/usr.sbin/nsd/options.c
@@ -131,7 +131,7 @@ nsd_options_create(region_type* region)
        opt->tls_service_pem = NULL;
        opt->tls_port = TLS_PORT;
        opt->tls_cert_bundle = NULL;
-       opt->answer_cookie = 0;
+       opt->answer_cookie = 1;
        opt->cookie_secret = NULL;
        opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt";
        opt->control_enable = 0;