1. DNS/KnotResolver/cookies

http://knot-resolver.readthedocs.io/en/latest/modules.html#dns-cookies

/query_example /example-2 /dnslib-example /dnslib/proxy

View the query log with a Python simple zone server. -- ToshinoriMaeno 2017-04-13 23:27:50

2. DNS Cookies

The module performs most of the RFC 7873 DNS cookies functionality.

It is also used to alter the behaviour of the cookie functionality.

-- Load the module before the 'iterate' layer.
modules = {
        'cookies < iterate'
}

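-- Configure the client part of the resolver. Set 8 bytes of the client
-- secret and choose the hashing algorithm to be used.
-- Use a string composed of hexadecimal digits to set the secret
-- (16 hex digits = 8 bytes). The secrets shown here are sample values;
-- a deployed resolver needs its own randomly generated ones.
-- FNV-64 is a non-cryptographic hash; HMAC-SHA256-64 is the keyed
-- alternative the module offers.
cookies.config { client_secret = '0123456789ABCDEF',
                 client_cookie_alg = 'FNV-64' }

-- Configure the server part of the resolver.
cookies.config { server_secret = 'FEDCBA9876543210',
                 server_cookie_alg = 'FNV-64' }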

-- Enable client cookie functionality. (Add cookies into outbound
-- queries.)
cookies.config { client_enabled = true }

-- Enable server cookie functionality. (Handle cookies in inbound
-- requests.)
cookies.config { server_enabled = true }

The function may be called without any parameter, in which case it returns the current configuration:

cookies.config()

$ sudo kresd -v --addr=127.0.0.3#53

[system] interactive mode
> cookies.config()
[client_cookie_alg] => FNV-64
[available_client_cookie_algs] => {
    [1] => FNV-64
    [2] => HMAC-SHA256-64
}
[server_secret] => FEDCBA9876543210
[server_enabled] => true
[client_enabled] => true
[available_server_cookie_algs] => {
    [1] => FNV-64
    [2] => HMAC-SHA256-64
}
[server_cookie_alg] => FNV-64
[client_secret] => 0123456789ABCDEF
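
To check cookies when viewing a query log, the following added example (not from the Knot Resolver documentation or this wiki) derives a client cookie with the HMAC-SHA256-64 construction of RFC 7873 Appendix A.2 and parses the COOKIE option out of OPT RDATA, rejecting malformed lengths. The function names are hypothetical, the client address 127.0.0.1 is a constructed sample, and the derivation is not claimed to match kresd's internal computation.

```python
import hashlib
import hmac
import ipaddress
import struct

COOKIE_OPTION_CODE = 10  # EDNS option code assigned to COOKIE (RFC 7873)

def client_cookie(secret_hex, client_ip, server_ip):
    """HMAC-SHA256 keyed with the client secret over client IP | server IP,
    truncated to 64 bits (RFC 7873 Appendix A.2)."""
    key = bytes.fromhex(secret_hex)
    if len(key) != 8:
        raise ValueError("client secret must be 8 bytes (16 hex digits)")
    msg = (ipaddress.ip_address(client_ip).packed
           + ipaddress.ip_address(server_ip).packed)
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def encode_cookie_option(client, server=b""):
    """Serialize a COOKIE option: code, length, client cookie, server cookie."""
    data = client + server
    return struct.pack("!HH", COOKIE_OPTION_CODE, len(data)) + data

def parse_cookie_option(opt_rdata):
    """Walk the options in OPT RDATA and return (client, server) cookies,
    or None when no COOKIE option is present. Raises ValueError on
    truncated data or a COOKIE length RFC 7873 treats as malformed."""
    pos = 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        if pos + length > len(opt_rdata):
            raise ValueError("truncated option data")
        data = opt_rdata[pos:pos + length]
        pos += length
        if code != COOKIE_OPTION_CODE:
            continue
        # Valid lengths: 8 (client only) or 16..40 (client + 8..32 byte server).
        if length != 8 and not 16 <= length <= 40:
            raise ValueError("malformed COOKIE option length %d" % length)
        return data[:8], data[8:]
    return None

if __name__ == "__main__":
    # Constructed sample: secret from the page's config, loopback addresses.
    cookie = client_cookie("0123456789ABCDEF", "127.0.0.1", "127.0.0.3")
    print(parse_cookie_option(encode_cookie_option(cookie)))
```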