From: florian Date: Sun, 24 Oct 2021 12:16:14 +0000 (+0000) Subject: nsd 4.3.7 shipped with DNS cookies on and then flipped to a default of X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=214d9bc090832ddc99f8bb55822170275da05b9d;p=openbsd nsd 4.3.7 shipped with DNS cookies on and then flipped to a default of in 4.3.8. Since we shipped 4.3.7 in 7.0 we should not flip-flop between on and off all the time. Keep the default to on. Suggested by & OK sthen --- diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in index 4ee4b1292f9..9ae376f288c 100644 --- a/usr.sbin/nsd/nsd.conf.5.in +++ b/usr.sbin/nsd/nsd.conf.5.in @@ -494,7 +494,7 @@ With the value 0 the rate is unlimited. .TP .B answer\-cookie:\fR Enable to answer to requests containig DNS Cookies as specified in RFC7873. -Default is no. +Default is yes. .TP .B cookie\-secret:\fR <128 bit hex string> Servers in an anycast deployment need to be able to verify each other's DNS diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c index 6411959e8c6..d8fe022b412 100644 --- a/usr.sbin/nsd/options.c +++ b/usr.sbin/nsd/options.c @@ -131,7 +131,7 @@ nsd_options_create(region_type* region) opt->tls_service_pem = NULL; opt->tls_port = TLS_PORT; opt->tls_cert_bundle = NULL; - opt->answer_cookie = 0; + opt->answer_cookie = 1; opt->cookie_secret = NULL; opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt"; opt->control_enable = 0;
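Review bot: In the nsd.conf.5.in hunk, the answer-cookie entry now reads "Default is yes." but does not say that this differs from the upstream 4.3.8 default described in the commit message, nor does it point to cookie-secret. With cookies answered by default, anycast operators are affected without having set answer-cookie themselves. A short sentence in this entry could refer them to the cookie-secret option that follows, and state that the default here is intentionally kept on. The unchanged context line above the edit also carries the typo "containig", which could be fixed in the same pass.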
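Review bot: In the options.c hunk, "opt->answer_cookie = 1;" is a deliberate local divergence from the upstream default, but nothing at the assignment records that. The next import of an upstream release could silently put it back to 0, recreating the flip-flop the commit message wants to avoid. A one-line comment at that assignment, stating that the default is kept on locally, would make the intent visible during merges. Since "opt->cookie_secret = NULL;" stays as the default on the following line, it is also worth confirming, and stating in the manual page, which secret is used when cookies are answered and neither cookie-secret nor the cookie_secret_file path has been provisioned.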