Disable cookies if secret parsing fails

Author: zbalkan

DnsServerCore/Dns/DnsServer.cs

@@ -273,7 +273,7 @@ enum ServiceState
         readonly string _dnsCookiesSecretFile = "dns.cookies.state";
         readonly int _dnsCookiesRotationPeriodHours = 1;
 
-        Security.DnsCookieSecretManager _cookieSecrets;
+        Security.DnsCookieSecretManager _cookieSecrets = null;
         Security.DnsCookieValidator _cookieValidator;
         Timer _cookieRotationTimer;
 
@@ -1562,7 +1562,16 @@ private void InitDnsCookies()
                 ? _dnsCookiesSecretFile
                 : Path.Combine(_configFolder, _dnsCookiesSecretFile);
 
-            _cookieSecrets = new Security.DnsCookieSecretManager(secretPath);
+            try
+            {
+                _cookieSecrets = new Security.DnsCookieSecretManager(secretPath);
+            }
+            catch (Exception ex)
+            {
+                _log.Write("DNS Server encountered an error while loading DNS Cookies secrets: " + secretPath + "\r\n" + ex.ToString());
+                _log.Write("DNS Cookies will be disabled.");
+                return;
+            }
             _cookieValidator = new Security.DnsCookieValidator(_cookieSecrets);
 
             _cookieRotationTimer?.Dispose();
@@ -2565,6 +2574,7 @@ private async Task<DnsDatagram> ProcessRequestAsync(DnsDatagram request, IPEndPo
 
             // DNS Cookies (RFC 7873)
             if (protocol == DnsTransportProtocol.Udp &&
+                _cookieSecrets != null &&
                 request.EDNS != null &&
                 _cookieValidator != null)
             {