On 2021-10-20 18:24 +02, Florian Obser <[email protected]> wrote:
> +4.3.8
> +================
> +FEATURES:
> +     - Set default for answer-cookie to no. Because in server deployments
> +       with mixed server software, a default of yes causes issues.

sthen and I think that we shouldn't flip-flop between cookie on and
cookie off since we shipped the cookie on default in 7.0.

This is on top of the 4.3.8 diff and reverts that behaviour to cookie on
as we have in 7.0.

OK?

diff --git nsd.conf.5.in nsd.conf.5.in
index 4ee4b1292f9..9ae376f288c 100644
--- nsd.conf.5.in
+++ nsd.conf.5.in
@@ -494,7 +494,7 @@ With the value 0 the rate is unlimited.
 .TP
 .B answer\-cookie:\fR <yes or no>
 Enable to answer to requests containig DNS Cookies as specified in RFC7873.
-Default is no.
+Default is yes.
 .TP
 .B cookie\-secret:\fR <128 bit hex string>
 Servers in an anycast deployment need to be able to  verify  each other's DNS
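Review bot: The "Default is yes." line under answer\-cookie does not say that this differs from the upstream 4.3.8 default of no, which the quoted changelog justifies with problems in deployments that mix server software. Suggest adding a sentence to this entry pointing operators of such deployments at answer\-cookie: no, or at the cookie\-secret option described right below. The context line above also reads "containig" for "containing", which could be fixed in the same pass.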
diff --git options.c options.c
index 6411959e8c6..d8fe022b412 100644
--- options.c
+++ options.c
@@ -131,7 +131,7 @@ nsd_options_create(region_type* region)
        opt->tls_service_pem = NULL;
        opt->tls_port = TLS_PORT;
        opt->tls_cert_bundle = NULL;
-       opt->answer_cookie = 0;
+       opt->answer_cookie = 1;
        opt->cookie_secret = NULL;
        opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt";
        opt->control_enable = 0;
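Review bot: opt->answer_cookie = 1 in nsd_options_create now sits directly above opt->cookie_secret = NULL, so cookies are answered by default while no secret is set in the options; a short comment saying where the secret comes from in that case (the cookie_secret_file path or elsewhere) would help the next reader. It is also worth a comment marking this line as a deliberate local difference from upstream 4.3.8, so that a later update does not silently flip it back to 0.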


-- 
I'm not entirely sure you are real.
