Check DNS COOKIE, NSID and BADVERS

DNS COOKIE and NSID should also be being processed when returning BADVERS. Check that this has actually occured by looking for the cookie and nsid in the response.
2025-04-18 09:44:09 +03:00 · 2025-03-28 12:08:37 +11:00 · 2025-03-28 12:08:37 +11:00 · f69b4bc5e0
commit f69b4bc5e0
parent 44140cad3b
2 changed files with 10 additions and 1 deletions
--- a/bin/tests/system/ednscompliance/ns1/named.conf.in
+++ b/bin/tests/system/ednscompliance/ns1/named.conf.in
@ -21,6 +21,7 @@ options {
 	listen-on-v6 { none; };
 	recursion no;
 	dnssec-validation no;
+	server-id "ns1";
 };

 zone "." {
--- a/bin/tests/system/ednscompliance/tests.sh
+++ b/bin/tests/system/ednscompliance/tests.sh
@ -57,7 +57,7 @@ status=$((status + ret))
 n=$((n + 1))
 echo_i "Unknown EDNS version ($n)"
 ret=0 reason=
-$DIG $DIGOPTS @10.53.0.1 +edns=100 +noednsnegotiation soa $zone >dig.out$n || ret=1
+$DIG $DIGOPTS @10.53.0.1 +edns=100 +nsid +noednsnegotiation soa $zone >dig.out$n || ret=1
 grep "status: BADVERS," dig.out$n >/dev/null || {
  ret=1
  reason="status"
@ -66,6 +66,14 @@ grep "EDNS: version: 0," dig.out$n >/dev/null || {
  ret=1
  reason="version"
 }
+grep "; COOKIE: .* (good)" dig.out$n >/dev/null || {
+  ret=1
+  reason="cookie missing"
+}
+grep '; NSID: 6e 73 31 ("ns1")' dig.out$n >/dev/null || {
+  ret=1
+  reason="nsid missing"
+}
 grep "IN.SOA." dig.out$n >/dev/null && {
  ret=1
  reason="soa"