DNS cookies support

[0ln]

This is a basic attempt at implementing some kind of DNS cookies support into DNS Proxy.

I have been made aware of an issue involving them when struggling with DNS queries timeouts in Home Assistant (home-assistant/core#145708). Big thanks to @jimparis for their analysis of the situation.

I figured that if AdGuard Home treated and responded properly to queries containing cookies, this would mitigate the issue while retaining the security benefits of this feature.

This PR is an attempt at that. It implements DNS cookies handling in its simplest form according to RFC 7873:

• EDNS fields are set accordingly when a query containing a cookie is received
• Cookie calculations are deterministic which avoids the need to store them in a cache
• Configuration fields and launch arguments are available to disable this new implementation or to set a manual secret for cookie calculations
• Queries including cookies are treated correctly but no cookie is forwarded/created for upstream queries (this could be improved in the future)

Reviews and other contributions are more than welcome as this is merely a quick fix and I am absolutely not sure it even works at all.

[windsurf-bot]

Other comments (5)

• proxy/proxy.go (186-186) Consider using a regular `sync.Mutex` instead of `sync.RWMutex` for `cookieMu` since it's only protecting a single field. RWMutex has slightly more overhead and is beneficial only when you have many readers and few writers.
• proxy/cookie.go (88-104) There's a redundant call to stripCookie() here. The function already calls stripCookie() inside the if block and then returns. The second call outside the if block is unnecessary and will never be reached when !p.DisableDNSCookies.

  func (p *Proxy) handleRequestCookies(dctx *DNSContext) {
  	if dctx == nil || dctx.Req == nil {
  		return
  	}
  
  	if !p.DisableDNSCookies {
  		if client, _ := parseCookie(dctx.Req); len(client) > 0 {
  			dctx.ReqClientCookie = client
  		}
  	}
  
  	stripCookie(dctx.Req)
  }
  

• internal/cmd/config.go (43-43) The YAML tag for `DisableDNSCookies` uses underscores (`disable_dns_cookies`) while other fields in this file use hyphens (kebab-case). For consistency, consider changing this to `disable-dns-cookies`.
• internal/cmd/config.go (47-47) The YAML tag for `DNSCookieSecret` uses underscores (`dns_cookie_secret`) while other fields in this file use hyphens. For consistency, consider changing this to `dns-cookie-secret`.
• proxy/dnscontext.go (100-102) The `ReqClientCookie` field is exported while similar EDNS-related fields like `doBit`, `adBit`, and `hasEDNS0` are unexported. For consistency, consider making this field unexported (e.g., `reqClientCookie`) unless it needs to be accessed from outside the package.

💡 To request another review, post a new comment with "/windsurf-review".