DNS COOKIE and NSID should also be processed when returning
BADVERS. Check that this has actually occurred by looking for the
cookie and nsid in the response.
(cherry picked from commit
f69b4bc5e0472035259dfc9df03ee0a9c02925dc)
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
+ server-id "ns1";
};
zone "." {
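Review bot: The added `server-id "ns1";` line has no comment tying it to the test that depends on its exact value. The NSID check added in this same commit greps for the literal `6e 73 31 ("ns1")`, which is the hex encoding of this string, so renaming the server-id here would fail that check with only "nsid missing" as a hint. I would add a comment directly above it, for example `// matched literally (hex and text) by the "Unknown EDNS version" NSID check`. The enclosing block, presumably `options`, opens above the hunk.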
n=$((n + 1))
echo_i "Unknown EDNS version ($n)"
ret=0 reason=
-$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone >dig.out$n || ret=1
+$DIG $DIGOPTS @10.53.0.1 +edns=100 +nsid +noednsnegotiation soa $zone >dig.out$n || ret=1
grep "status: BADVERS," dig.out$n >/dev/null || {
ret=1
reason="status"
ret=1
reason="version"
}
+grep "; COOKIE: .* (good)" dig.out$n >/dev/null || {
+ ret=1
+ reason="cookie missing"
+}
+grep '; NSID: 6e 73 31 ("ns1")' dig.out$n >/dev/null || {
+ ret=1
+ reason="nsid missing"
+}
grep "IN.SOA." dig.out$n >/dev/null && {
ret=1
reason="soa"