From: Mark Andrews Date: Mon, 5 Nov 2018 04:55:19 +0000 (+1100) Subject: test require-server-cookie with rate-limit X-Git-Tag: v9.13.4~56^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=164370102a2a05807181cb048e44f6959a478761;p=thirdparty%2Fbind9.git test require-server-cookie with rate-limit --- diff --git a/bin/tests/system/cookie/ns8/example.db b/bin/tests/system/cookie/ns8/example.db new file mode 100644 index 00000000000..0693de06290 --- /dev/null +++ b/bin/tests/system/cookie/ns8/example.db @@ -0,0 +1,11 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 0 0 0 0 0 +@ 3600 NS . diff --git a/bin/tests/system/cookie/ns8/named.conf.in b/bin/tests/system/cookie/ns8/named.conf.in new file mode 100644 index 00000000000..36bc29d2f35 --- /dev/null +++ b/bin/tests/system/cookie/ns8/named.conf.in @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +options { + query-source address 10.53.0.8; + notify-source 10.53.0.8; + transfer-source 10.53.0.8; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.8; }; + listen-on-v6 { none; }; + dnssec-validation yes; + rate-limit {}; + require-server-cookie yes; +}; + +zone "example" { + type master; + file "example.db"; +}; diff --git a/bin/tests/system/cookie/setup.sh b/bin/tests/system/cookie/setup.sh index fa6de38c00d..7929f095450 100644 --- a/bin/tests/system/cookie/setup.sh +++ b/bin/tests/system/cookie/setup.sh @@ -20,3 +20,4 @@ copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf copy_setports ns7/named.conf.in ns7/named.conf +copy_setports ns8/named.conf.in ns8/named.conf diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index 816f6a312b5..7708a59ce85 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -169,6 +169,17 @@ if [ $linecount != 2 ]; then ret=1; fi if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo_i "checking require-server-cookie yes with rate-limit ($n)" +ret=0 +$DIG $DIGOPTS +qr +cookie +nobadcookie soa example @10.53.0.8 > dig.out.test$n +grep "flags: qr[^;]* ad[ ;]" dig.out.test$n > /dev/null && ret=1 +grep BADCOOKIE dig.out.test$n > /dev/null || ret=1 +linecount=`getcookie dig.out.test$n | wc -l` +if [ $linecount != 2 ]; then ret=1; fi +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + # # Test shared cookie-secret support. # diff --git a/util/copyrights b/util/copyrights index 6f4b833408f..ee921366886 100644 --- a/util/copyrights +++ b/util/copyrights @@ -824,6 +824,8 @@ ./bin/tests/system/cookie/ns6/root.hint ZONE 2017,2018 ./bin/tests/system/cookie/ns7/named.conf.in CONF-C 2018 ./bin/tests/system/cookie/ns7/root.db ZONE 2018 +./bin/tests/system/cookie/ns8/example.db ZONE 2018 +./bin/tests/system/cookie/ns8/named.conf.in CONF-C 2018 ./bin/tests/system/cookie/setup.sh SH 2018 ./bin/tests/system/cookie/tests.sh SH 2014,2015,2016,2017,2018 ./bin/tests/system/coverage/01-ksk-inactive/README X 2013,2018