Ensure we only create or modify one OPT record, not more. Also docume…

…nt `add_edns_options()` a bit more.

src/net/server/middleware/processors/cookies.rs

@@ -170,7 +170,7 @@ impl CookiesMiddlewareProcessor {
 
             // Note: if rcode is non-extended this will also correctly handle
             // setting the rcode in the main message header.
-            if let Err(err) = additional.opt(|opt| {
+            if let Err(err) = add_edns_options(&mut additional, |opt| {
                 opt.cookie(response_cookie)?;
                 opt.set_rcode(rcode);
                 Ok(())

src/net/server/middleware/processors/edns.rs

@@ -63,7 +63,7 @@ impl EdnsMiddlewareProcessor {
 
         // Note: if rcode is non-extended this will also correctly handle
         // setting the rcode in the main message header.
-        if let Err(err) = additional.opt(|opt| {
+        if let Err(err) = add_edns_options(&mut additional, |opt| {
             opt.set_rcode(rcode);
             Ok(())
         }) {

src/net/server/util.rs

@@ -200,7 +200,10 @@ where
 
 //----------- add_edns_option ------------------------------------------------
 
-/// Add an EDNS OPT option to a response.
+/// Adds one or more EDNS OPT options to a response.
+///
+/// If the response already has an OPT record the options will be added to
+/// that. Otherwise an OPT record will be created to hold the new options.
 pub fn add_edns_options<F, Target>(
     response: &mut AdditionalBuilder<StreamTarget<Target>>,
     op: F,
@@ -222,7 +225,7 @@ where
     // response are known. Or a completely different builder approach that can
     // edit a partially built message.
     if response.counts().arcount() > 0 {
-        // Make a copy of the response
+        // Make a copy of the response.
         let copied_response = response.as_slice().to_vec();
         let Ok(copied_response) = Message::from_octets(&copied_response)
         else {