1. DNS/KnotResolver/cookies
http://knot-resolver.readthedocs.io/en/latest/modules.html#dns-cookies
View the query log with the Python simple zone server. -- ToshinoriMaeno 2017-04-13 23:27:50
2. DNS Cookies
The module performs most of the RFC 7873 DNS cookies functionality.
Its main purpose is to check the cookies of inbound queries and responses.
It is also used to alter the behaviour of the cookie functionality.
    -- Load the module before the 'iterate' layer.
    modules = {
            'cookies < iterate'
    }

    -- Configure the client part of the resolver. Set 8 bytes of the client
    -- secret and choose the hashing algorithm to be used.
    -- Use a string composed of hexadecimal digits to set the secret.
    cookies.config { client_secret = '0123456789ABCDEF',
                     client_cookie_alg = 'FNV-64' }

    -- Configure the server part of the resolver.
    cookies.config { server_secret = 'FEDCBA9876543210',
                     server_cookie_alg = 'FNV-64' }

    -- Enable client cookie functionality. (Add cookies into outbound
    -- queries.)
    cookies.config { client_enabled = true }

    -- Enable server cookie functionality. (Handle cookies in inbound
    -- requests.)
    cookies.config { server_enabled = true }
The function may be called without any parameter.
In that case it only returns the current configuration. The returned JSON also contains the available algorithm choices.
    cookies.config()

    $ sudo kresd -v --addr=127.0.0.3#53
    [system] interactive mode
    > cookies.config()
    [client_cookie_alg] => FNV-64
    [available_client_cookie_algs] => {
        [1] => FNV-64
        [2] => HMAC-SHA256-64
    }
    [server_secret] => FEDCBA9876543210
    [server_enabled] => true
    [client_enabled] => true
    [available_server_cookie_algs] => {
        [1] => FNV-64
        [2] => HMAC-SHA256-64
    }
    [server_cookie_alg] => FNV-64
    [client_secret] => 0123456789ABCDEF
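The inbound cookie check that the module description refers to, as an added example (not Knot Resolver's code and not part of the original page): it parses the RFC 7873 COOKIE option out of OPT RDATA and verifies a server cookie built with the simple construction from RFC 7873 Appendix B.1. It assumes 'FNV-64' means 64-bit FNV-1a, reuses the page's sample server secret, and all function names are illustrative.

```python
import hmac
import ipaddress
import struct

COOKIE_OPT = 10                                    # EDNS option code from RFC 7873
SERVER_SECRET = bytes.fromhex("FEDCBA9876543210")  # sample secret shown on this page

def fnv1a_64(data: bytes) -> bytes:
    """FNV-1a 64-bit (assumed meaning of 'FNV-64'), as 8 big-endian bytes."""
    h = 0xCBF29CE484222325
    for byte in data:
        h = ((h ^ byte) * 0x100000001B3) & 0xFFFFFFFFFFFFFFFF
    return struct.pack("!Q", h)

def server_cookie(client_ip: str, client_cookie: bytes, secret: bytes) -> bytes:
    """RFC 7873 Appendix B.1: hash(Client IP | Client Cookie | Server Secret)."""
    return fnv1a_64(ipaddress.ip_address(client_ip).packed + client_cookie + secret)

def cookie_option(client_cookie: bytes, srv_cookie: bytes = b"") -> bytes:
    """Encode one COOKIE option as it appears in OPT RDATA (builds test input)."""
    body = client_cookie + srv_cookie
    return struct.pack("!HH", COOKIE_OPT, len(body)) + body

def parse_cookie(opt_rdata: bytes):
    """Return (client_cookie, server_cookie) or None; ValueError means FORMERR."""
    pos = 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        body = opt_rdata[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated option body")
        pos += 4 + length
        if code == COOKIE_OPT:
            # Valid lengths: 8 (client only) or 16..40 (client + 8..32 byte server).
            if length != 8 and not 16 <= length <= 40:
                raise ValueError("invalid COOKIE length %d" % length)
            return body[:8], body[8:]
    return None

def classify(opt_rdata: bytes, client_ip: str, secret: bytes = SERVER_SECRET) -> str:
    """Server-side decision for one inbound query."""
    try:
        parsed = parse_cookie(opt_rdata)
    except ValueError:
        return "formerr"
    if parsed is None:
        return "no-cookie"
    client, presented = parsed
    if not presented:
        return "client-cookie-only"
    # Constant-time compare so the check does not leak how many bytes matched.
    expected = server_cookie(client_ip, client, secret)
    return "valid" if hmac.compare_digest(presented, expected) else "bad-cookie"
```

The secrets on this page are documentation samples, so a deployed resolver needs its own random 8-byte values. As the session output shows, `cookies.config()` prints both secrets in clear, so access to the resolver's control interface should be restricted accordingly.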