domain::base::opt

Module cookie

source
Expand description

EDNS Option for DNS cookies.

The option in this module – Cookie – is part of a simple mechanism that helps DNS servers to mitigate denial-of-service and amplification attacks called DNS cookies.

In this mechanism, the client creates a client cookie and includes it in its request to a server. When answering, the server generates a server cookie from the client cookie and a secret and includes it in the response. When the client sends subsequent queries to the same server, it includes both the same client cookie as before and the server cookie it received, thus identifying itself as having sent a query before. Because server cookies are deterministic for a given client cookie, the server doesn’t need to keep any state other than the secret.

The DNS Cookie mechanism is defined in RFC 7873. Guidance for creating client and server cookies is provided by RFC 9018.

Structs§