]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
Check "require-cookie yes;" triggers TCP fallback on no cookie
authorMark Andrews <marka@isc.org>
Wed, 10 Nov 2021 05:41:46 +0000 (16:41 +1100)
committerMark Andrews <marka@isc.org>
Tue, 13 Sep 2022 02:07:13 +0000 (12:07 +1000)
bin/tests/system/cookie/ns7/from-no-cookie-server.example.db [new file with mode: 0644]
bin/tests/system/cookie/ns7/named.conf.in
bin/tests/system/cookie/ns8/example.db
bin/tests/system/cookie/ns8/named.conf.in
bin/tests/system/cookie/tests.sh

diff --git a/bin/tests/system/cookie/ns7/from-no-cookie-server.example.db b/bin/tests/system/cookie/ns7/from-no-cookie-server.example.db
new file mode 100644 (file)
index 0000000..8e466a6
--- /dev/null
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@      SOA     ns7 hostmaster.isc.org. 1 600 600 1200 600
+@      NS      ns7
+ns7    A       10.53.0.7
index c9518ae051d045bbe7f331913ee2483e833b7340..c910880cb7a631b895db90dc6292d2df8d0b2272 100644 (file)
@@ -29,3 +29,8 @@ zone "." {
        type primary;
        file "root.db";
 };
+
+zone "from-no-cookie-server.example" {
+       type primary;
+       file "from-no-cookie-server.example.db";
+};
index 7fa64d602dda665dc517d8e84dda5e10b214397a..443d5db417564fad09505e6f653c1c8701358ec6 100644 (file)
@@ -9,5 +9,7 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-@      3600    SOA     . . 0 0 0 0 0
-@      3600    NS      .
+@                              3600    SOA     . . 0 0 0 0 0
+@                              3600    NS      .
+from-no-cookie-server          3600    NS      ns7.from-no-cookie-server
+ns7.from-no-cookie-server      3600    A       10.53.0.7
index 99ff66b1a271b3f24dba7dd93b385f3961bcf278..693f06a81edc93fc4863e4eb90ea0fdeb6ccde7f 100644 (file)
@@ -33,6 +33,8 @@ options {
        require-server-cookie yes;
 };
 
+server 10.53.0.7 { require-cookie yes; };
+
 zone "example" {
        type primary;
        file "example.db";
index 2e5de5ae904f9a198e8e6ba4d266d3ba2a0b8bb8..fc8e4225b7be02259bf64e59ece72cda95c90f9b 100755 (executable)
@@ -214,6 +214,17 @@ if [ $linecount != 2 ]; then ret=1; fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo_i "checking 'server <prefix> { require-cookie yes; };' triggers TCP when cookie not returned ($n)"
+ret=0
+nextpart ns8/named.run > /dev/null
+$DIG $DIGOPTS +cookie soa from-no-cookie-server.example @10.53.0.8 > dig.out.test$n
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+wait_for_log_peek 3 "missing required cookie from 10.53.0.7#" ns8/named.run || ret=1
+wait_for_log_peek 3 "from-no-cookie-server.example/SOA): connecting via TCP" ns8/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "send undersized cookie ($n)"
 ret=0