core: Add full TSIG verification in DoH transport (#8013)

* core: Add full TSIG verification in DoH transport This PR add full TSIG verification in DoH using dns.TsigVerify() 7943 --------- Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2026-04-10 14:05:32 -04:00 · 2026-04-09 05:24:00 -07:00
parent 18d692a986
commit c0e6e7cef3
4 changed files with 233 additions and 20 deletions
--- a/core/dnsserver/https.go
+++ b/core/dnsserver/https.go
@@ -17,6 +17,9 @@ type DoHWriter struct {
 	// request is the HTTP request we're currently handling.
 	request *http.Request

+	// tsigStatus stores the TSIG verification result for the request.
+	tsigStatus error
+
 	// Msg is a response to be written to the client.
 	Msg *dns.Msg
 }
@@ -58,9 +61,9 @@ func (d *DoHWriter) Close() error {
 	return nil
 }

-// TsigStatus no-op implementation.
+// TsigStatus returns the TSIG verification status for this request.
 func (d *DoHWriter) TsigStatus() error {
-	return nil
+	return d.tsigStatus
 }

 // TsigTimersOnly no-op implementation.