1. DNS/KnotResolver/cookies
http://knot-resolver.readthedocs.io/en/latest/modules.html#dns-cookies
/query_example /example-2 /dnslib-example /dnslib/proxy
python simple zone serverでquery logを見る。 -- ToshinoriMaeno 2017-04-13 23:27:50
2. DNS Cookies
The module performs most of the RFC 7873 DNS cookies functionality.
- Its main purpose is to check the cookies of inbound queries and responses.
It is also used to alter the behaviour of the cookie functionality.
-- Load the module before the 'iterate' layer. modules = { 'cookies < iterate' } -- Configure the client part of the resolver. Set 8 bytes of the client -- secret and choose the hashing algorithm to be used. -- Use a string composed of hexadecimal digits to set the secret. cookies.config { client_secret = '0123456789ABCDEF', client_cookie_alg = 'FNV-64' } -- Configure the server part of the resolver. cookies.config { server_secret = 'FEDCBA9876543210', server_cookie_alg = 'FNV-64' } -- Enable client cookie functionality. (Add cookies into outbound -- queries.) cookies.config { client_enabled = true } -- Enable server cookie functionality. (Handle cookies in inbound -- requests.) cookies.config { server_enabled = true }
The function may be called without any parameter.
- In such case it only returns current configuration. The returned JSON also contains available algorithm choices.
cookies.config()
$ sudo kresd -v --addr=127.0.0.3#53
[system] interactive mode > cookies.config() [client_cookie_alg] => FNV-64 [available_client_cookie_algs] => { [1] => FNV-64 [2] => HMAC-SHA256-64 } [server_secret] => FEDCBA9876543210 [server_enabled] => true [client_enabled] => true [available_server_cookie_algs] => { [1] => FNV-64 [2] => HMAC-SHA256-64 } [server_cookie_alg] => FNV-64 [client_secret] => 0123456789ABCDEF