- Set default for answer-cookie to no. Because in server deployments

with mixed server software, a default of yes causes issues.
NLnetLabs · Oct 7, 2021 · 17e1b2a · 17e1b2a
1 parent baa2686
commit 17e1b2a
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 2 deletions.
diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -1,3 +1,7 @@
+7 October 2021: Wouter
+	- Set default for answer-cookie to no. Because in server deployments
+	  with mixed server software, a default of yes causes issues.
+
 4 October 2021: Wouter
 	- Tag for 4.3.8rc1.
 

diff --git a/nsd.conf.5.in b/nsd.conf.5.in
@@ -494,7 +494,7 @@ With the value 0 the rate is unlimited.
 .TP
 .B answer\-cookie:\fR <yes or no>
 Enable to answer to requests containig DNS Cookies as specified in RFC7873.
-Default is yes.
+Default is no.
 .TP
 .B cookie\-secret:\fR <128 bit hex string>
 Servers in an anycast deployment need to be able to  verify  each other's DNS

diff --git a/options.c b/options.c
@@ -131,7 +131,7 @@ nsd_options_create(region_type* region)
 	opt->tls_service_pem = NULL;
 	opt->tls_port = TLS_PORT;
 	opt->tls_cert_bundle = NULL;
-	opt->answer_cookie = 1;
+	opt->answer_cookie = 0;
 	opt->cookie_secret = NULL;
 	opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt";
 	opt->control_enable = 0;