Add config option to toggle dns case randomization.

Signed-off-by: Jason Volk <jason@zemos.net>
2025-09-13 06:51:50 +00:00
parent e3a711482a
commit 69075b166f
3 changed files with 25 additions and 1 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -385,6 +385,18 @@ pub struct Config {
 	#[serde(default)]
 	pub dns_passthru_appservices: bool,

+	/// Enable or disable case randomization for DNS queries. This is a security
+	/// mitigation where answer spoofing is prevented by having to exactly match
+	/// the question. Occasional errors seen in logs which may have lead you
+	/// here tend to be from overloading DNS. Nevertheless for servers which
+	/// are truly incapable this can be set to false.
+	///
+	/// This currently defaults to false due to user reports regarding some
+	/// popular DNS caches which may or may not be patched soon. It may again
+	/// default to true in an upcoming release.
+	#[serde(default)]
+	pub dns_case_randomization: bool,
+
 	/// Max request size for file uploads in bytes. Defaults to 20MB.
 	///
 	/// default: 20971520