From: Mark Andrews Date: Fri, 28 Mar 2025 01:08:37 +0000 (+1100) Subject: Check DNS COOKIE, NSID and BADVERS X-Git-Tag: v9.21.8~26^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f69b4bc5e0472035259dfc9df03ee0a9c02925dc;p=thirdparty%2Fbind9.git Check DNS COOKIE, NSID and BADVERS DNS COOKIE and NSID should also be being processed when returning BADVERS. Check that this has actually occured by looking for the cookie and nsid in the response.
---
diff --git a/bin/tests/system/ednscompliance/ns1/named.conf.in b/bin/tests/system/ednscompliance/ns1/named.conf.in
index 1334c85cf27..3a640fff221 100644
--- a/bin/tests/system/ednscompliance/ns1/named.conf.in
+++ b/bin/tests/system/ednscompliance/ns1/named.conf.in
@@ -21,6 +21,7 @@ options {
 listen-on-v6 { none; };
 recursion no;
 dnssec-validation no;
+ server-id "ns1";
 };
 
 zone "." {
diff --git a/bin/tests/system/ednscompliance/tests.sh b/bin/tests/system/ednscompliance/tests.sh
index 515951adcff..3fae21142ef 100644
--- a/bin/tests/system/ednscompliance/tests.sh
+++ b/bin/tests/system/ednscompliance/tests.sh
@@ -57,7 +57,7 @@ status=$((status + ret))
 n=$((n + 1))
 echo_i "Unknown EDNS version ($n)"
 ret=0 reason=
-$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone >dig.out$n || ret=1
+$DIG $DIGOPTS @10.53.0.1 +edns=100 +nsid +noednsnegotiation soa $zone >dig.out$n || ret=1
 grep "status: BADVERS," dig.out$n >/dev/null || {
 ret=1
 reason="status"
@@ -66,6 +66,14 @@ grep "EDNS: version: 0," dig.out$n >/dev/null || {
 ret=1
 reason="version"
 }
+grep "; COOKIE: .* (good)" dig.out$n >/dev/null || {
+ ret=1
+ reason="cookie missing"
+}
+grep '; NSID: 6e 73 31 ("ns1")' dig.out$n >/dev/null || {
+ ret=1
+ reason="nsid missing"
+}
 grep "IN.SOA." dig.out$n >/dev/null && {
 ret=1
 reason="soa"
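Review bot: The changed dig line requests NSID explicitly with `+nsid`, but the COOKIE assertion added in the following hunk still depends on dig sending a cookie by default and on `$DIGOPTS`, which is defined outside this hunk, not disabling it. Adding `+cookie` beside `+nsid` would make the query state everything the test asserts on: `$DIG $DIGOPTS @10.53.0.1 +edns=100 +cookie +nsid +noednsnegotiation soa $zone >dig.out$n || ret=1`. Without it, a later change to the shared options would show up here as a cookie failure that looks like a server regression.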
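Review bot: The two new failure labels claim more than the greps establish: `reason="cookie missing"` is also set when a COOKIE line is present but not marked `(good)`, and `reason="nsid missing"` when an NSID comes back with a different value. Neutral labels such as `reason="cookie"` and `reason="nsid"` would match the existing `status`/`version`/`soa` style and not mislead whoever triages a failure. The hex string `6e 73 31` is tied to the `server-id "ns1";` line this commit adds to ns1/named.conf.in, so a comment above the grep such as `# 6e 73 31 is "ns1", the server-id set in ns1/named.conf.in` would keep the two in step. The hunk ends at `reason="soa"`, so the closing brace of that block lies outside it.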