## page was renamed from DNS/1/security/cookies/KnotResolver
== DNS/KnotResolver/cookies ==

http://knot-resolver.readthedocs.io/en/latest/modules.html#dns-cookies

[[/query_example]] [[/example-2]] [[/dnslib-example]] [[/dnslib/proxy]]

View the query log with the python simple zone server. -- ToshinoriMaeno

[[DNS/実装/python/dnslib/ゾーンサーバー]]

== DNS Cookies ==
The module performs most of the RFC 7873 DNS cookies functionality. Its main purpose is to check the cookies of inbound queries and responses. It is also used to alter the behaviour of the cookie functionality.

{{{
-- Load the module before the 'iterate' layer.
modules = {
        'cookies < iterate'
}

-- Configure the client part of the resolver. Set 8 bytes of the client
-- secret and choose the hashing algorithm to be used.
-- Use a string composed of hexadecimal digits to set the secret.
cookies.config { client_secret = '0123456789ABCDEF',
                 client_cookie_alg = 'FNV-64' }

-- Configure the server part of the resolver.
cookies.config { server_secret = 'FEDCBA9876543210',
                 server_cookie_alg = 'FNV-64' }

-- Enable client cookie functionality. (Add cookies into outbound
-- queries.)
cookies.config { client_enabled = true }

-- Enable server cookie functionality. (Handle cookies in inbound
-- requests.)
cookies.config { server_enabled = true }
}}}

The function may be called without any parameter. In that case it only returns the current configuration. The returned JSON also contains the available algorithm choices.

{{{
cookies.config()
}}}

{{{
$ sudo kresd -v --addr=127.0.0.3#53
[system] interactive mode
> cookies.config()
[client_cookie_alg] => FNV-64
[available_client_cookie_algs] => {
    [1] => FNV-64
    [2] => HMAC-SHA256-64
}
[server_secret] => FEDCBA9876543210
[server_enabled] => true
[client_enabled] => true
[available_server_cookie_algs] => {
    [1] => FNV-64
    [2] => HMAC-SHA256-64
}
[server_cookie_alg] => FNV-64
[client_secret] => 0123456789ABCDEF
}}}
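What the module inspects on the wire is the RFC 7873 COOKIE option (EDNS option code 10): an 8-byte client cookie, optionally followed by an 8 to 32 byte server cookie. The following is an added example, not code from this page or from Knot Resolver; the function names `build_query`, `skip_name` and `extract_cookie` are hypothetical, and it builds a query carrying the option and applies the RFC's length check when reading one back.

```python
import struct

COOKIE_OPT = 10  # EDNS option code of COOKIE (RFC 7873)
OPT_RR = 41      # type code of the OPT pseudo-RR that carries EDNS options

def build_query(qname, client_cookie, server_cookie=b"", qid=0x1234):
    """A/IN query with a COOKIE option; cookie values are supplied by the caller."""
    if len(client_cookie) != 8:
        raise ValueError("client cookie must be exactly 8 bytes")
    if server_cookie and not 8 <= len(server_cookie) <= 32:
        raise ValueError("server cookie must be 8 to 32 bytes")
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD, 1 question, 1 additional
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.strip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)
    cookie = client_cookie + server_cookie
    option = struct.pack("!HH", COOKIE_OPT, len(cookie)) + cookie
    # OPT RR: root owner name, type 41, class = UDP payload size, TTL field 0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT_RR, 1232, 0, len(option)) + option

def skip_name(msg, off):
    """Offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def extract_cookie(msg):
    """(client_cookie, server_cookie) from a DNS message, or None without COOKIE."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT_RR and pos + 4 <= len(rdata):
            code, olen = struct.unpack_from("!HH", rdata, pos)
            data, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == COOKIE_OPT:
                # Valid lengths: 8 (client only) or 16..40 (client + 8..32 byte server)
                if len(data) != olen or not (olen == 8 or 16 <= olen <= 40):
                    raise ValueError("malformed COOKIE option (FORMERR)")
                return data[:8], data[8:]
    return None
```

The bytes returned by `build_query` can be sent over UDP to the kresd instance started above, and the reply passed to `extract_cookie` to see which cookies came back.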