ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Check "require-cookie yes;" triggers TCP fallback on no cookie

Browse Source
This commit is contained in:
Mark Andrews
2021-11-10 16:41:46 +11:00
parent 7751e5e039
commit 9d893d55e0
5 changed files with 36 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
bin/tests/system/cookie/ns7/from-no-cookie-server.example.db Normal file
View File

@@ -0,0 +1,14 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ SOA ns7 hostmaster.isc.org. 1 600 600 1200 600
@ NS ns7
ns7 A 10.53.0.7

5
bin/tests/system/cookie/ns7/named.conf.in
View File

@@ -29,3 +29,8 @@ zone "." {
type primary;
file "root.db";
};
zone "from-no-cookie-server.example" {
type primary;
file "from-no-cookie-server.example.db";
};

6
bin/tests/system/cookie/ns8/example.db
View File

@@ -9,5 +9,7 @@
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 0 0 0 0 0
@ 3600 NS .
@ 3600 SOA . . 0 0 0 0 0
@ 3600 NS .
from-no-cookie-server 3600 NS ns7.from-no-cookie-server
ns7.from-no-cookie-server 3600 A 10.53.0.7

2
bin/tests/system/cookie/ns8/named.conf.in
View File

@@ -33,6 +33,8 @@ options {
require-server-cookie yes;
};
server 10.53.0.7 { require-cookie yes; };
zone "example" {
type primary;
file "example.db";

11
bin/tests/system/cookie/tests.sh
View File

@@ -214,6 +214,17 @@ if [ $linecount != 2 ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking 'server <prefix> { require-cookie yes; };' triggers TCP when cookie not returned ($n)"
ret=0
nextpart ns8/named.run > /dev/null
$DIG $DIGOPTS +cookie soa from-no-cookie-server.example @10.53.0.8 > dig.out.test$n
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
wait_for_log_peek 3 "missing required cookie from 10.53.0.7#" ns8/named.run || ret=1
wait_for_log_peek 3 "from-no-cookie-server.example/SOA): connecting via TCP" ns8/named.run || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "send undersized cookie ($n)"
ret=0