stream-dns

Support DNS cookie

Open NotBad4U opened this issue 6 years ago • 0 comments

RFC 7873

DNS cookies

DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/forgery or cache poisoning attacks by off-path attackers.

Purpose

To increase the security of communication between stream-dns and a DNS client, we can support DNS Cookies for UDP queries. This feature is indeed supported by our DNS library.

How to

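```go
package main

import "github.com/miekg/dns"

func main() {
	zone := "example.org." // placeholder zone name
	m := new(dns.Msg)
	m.Question = make([]dns.Question, 1)
	c := new(dns.Client)
	m.Question[0] = dns.Question{Name: zone, Qtype: dns.TypeSOA, Qclass: dns.ClassINET}

	// OPT pseudo-RR that carries the EDNS0 options
	o := new(dns.OPT)
	o.Hdr.Name = "."
	o.Hdr.Rrtype = dns.TypeOPT
	o.Hdr.Class = 4096 // advertised UDP payload size

	// COOKIE option holding an 8-byte client cookie, hex-encoded
	e := new(dns.EDNS0_COOKIE)
	e.Code = dns.EDNS0COOKIE
	e.Cookie = "fb40ce9a68a6f1f0"
	o.Option = append(o.Option, e)

	m.Extra = make([]dns.RR, 1)
	m.Extra[0] = o

	// Send the query; the server address is a placeholder
	if _, _, err := c.Exchange(m, "127.0.0.1:53"); err != nil {
		panic(err)
	}
}
```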

NotBad4U, Dec 04 '19 13:12
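The server-side half of what this issue asks for, as an added example that is not code from the issue or from stream-dns: deriving and checking an RFC 7873 server cookie for the hex payload format used in the client snippet. The HMAC-SHA256 derivation, the 16-byte server cookie length, the function names, and the secret and client IP are assumptions of this example; it uses only the standard library.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
)

// Outcomes of checking a COOKIE option: no server cookie yet, match, mismatch.
const ClientOnly, Valid, Invalid = 0, 1, 2

// serverCookie binds a cookie to the client IP and client cookie under a
// server secret (HMAC-SHA256 truncated to 16 bytes is this example's choice).
func serverCookie(secret []byte, ip net.IP, clientCookie []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(ip.To16())
	mac.Write(clientCookie)
	return mac.Sum(nil)[:16]
}

// CheckCookie classifies a hex COOKIE payload and returns the full cookie
// (client cookie + fresh server cookie) to echo back in the response.
func CheckCookie(secret []byte, ip net.IP, hexCookie string) (int, string, error) {
	raw, err := hex.DecodeString(hexCookie)
	// RFC 7873: client cookie is 8 bytes; a server cookie, if present, is 8 to 32.
	if err != nil || (len(raw) != 8 && (len(raw) < 16 || len(raw) > 40)) {
		return Invalid, "", errors.New("malformed COOKIE option (answer FORMERR)")
	}
	client, got := raw[:8], raw[8:]
	want := serverCookie(secret, ip, client)
	reply := hex.EncodeToString(append(append([]byte{}, client...), want...))
	state := Invalid // wrong server cookie: stale secret or spoofed source address
	if len(got) == 0 {
		state = ClientOnly
	} else if hmac.Equal(got, want) { // constant-time comparison
		state = Valid
	}
	return state, reply, nil
}

func main() {
	secret, ip := []byte("constructed-secret"), net.ParseIP("192.0.2.10") // constructed inputs
	_, reply, _ := CheckCookie(secret, ip, "fb40ce9a68a6f1f0")            // first query: client cookie only
	state, _, _ := CheckCookie(secret, ip, reply)                         // follow-up query with server cookie
	fmt.Println(reply, state == Valid)
}
```

An off-path sender that spoofs another source address cannot produce the matching server cookie, so the server can answer such queries with BADCOOKIE or a rate-limited minimal response instead of a full-size reply.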