Updated CHANGES note to include require-server-cookie:

4152. [func] Implement DNS COOKIE option. This replaces the experimental SIT option of BIND 9.10. The following named.conf directives are available: send-cookie, cookie-secret, cookie-algorithm, nocookie-udp-size and require-server-cookie. The following dig options are available: +[no]cookie[=value] and +[no]badcookie. [RT #39928]
2015-08-13 08:26:23 +10:00
parent 7c0f238c50
commit c631ff56bf
13 changed files with 172 additions and 42 deletions
--- a/bin/tests/system/cookie/tests.sh
+++ b/bin/tests/system/cookie/tests.sh
@@ -113,5 +113,26 @@ grep "10.53.0.2.*\[cookie=" ns1/named_dump.db > /dev/null|| ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+n=`expr $n + 1`
+echo "I:checking require-server-cookie default (no) ($n)"
+ret=0
+$DIG +qr +cookie +nobadcookie soa @10.53.0.1 -p 5300 > dig.out.test$n
+grep BADCOOKIE dig.out.test$n > /dev/null && ret=1
+linecount=`getcookie dig.out.test$n | wc -l`
+if [ $linecount != 2 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:checking require-server-cookie yes ($n)"
+ret=0
+$DIG +qr +cookie +nobadcookie soa @10.53.0.3 -p 5300 > dig.out.test$n
+grep BADCOOKIE dig.out.test$n > /dev/null || ret=1
+linecount=`getcookie dig.out.test$n | wc -l`
+if [ $linecount != 2 ]; then ret=1; fi
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+
 echo "I:exit status: $status"
 exit $status