; config options
server:
	answer-cookie: yes
	cookie-secret: "000102030405060708090a0b0c0d0e0f"
	access-control: 127.0.0.1 allow_cookie
	access-control: 1.2.3.4 allow
	local-data: "test. TXT test"

CONFIG_END

SCENARIO_BEGIN Test downstream DNS Cookies

; Note: When a valid hash was required, it was generated by running this test
;       with an invalid one and checking the output for the valid one.
;       Actual hash generation is tested with unit tests.

; Query without a client cookie ...
STEP 0 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
ENTRY_END
; ... get TC and refused
STEP 1 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA TC REFUSED
SECTION QUESTION
test. IN TXT
ENTRY_END

; Query without a client cookie on TCP ...
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
MATCH TCP
SECTION QUESTION
test. IN TXT
ENTRY_END
; ... get an answer
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END

; Query with only a client cookie ...
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 08				; Length 8
	31 32 33 34 35 36 37 38		; Random bits
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END

; Query with an invalid cookie ...
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	02 00 00 00			; wrong version
	00 00 00 00			; Timestamp
	31 32 33 34 35 36 37 38		; wrong hash
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END

; Query with an invalid cookie from a non-cookie protected address ...
STEP 40 QUERY ADDRESS 1.2.3.4
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	02 00 00 00			; wrong version
	00 00 00 00			; Timestamp
	31 32 33 34 35 36 37 38		; wrong hash
HEX_EDNSDATA_END
ENTRY_END
; ... get answer and a cookie
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END

; Query with a valid cookie ...
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	01 00 00 00			; Version/Reserved
	00 00 00 00			; Timestamp
	38 52 7b a8 c6 a4 ea 96		; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get answer and the cookie
STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END

; Query with a valid >30 minutes old cookie ...
STEP 59 TIME_PASSES ELAPSE 1801
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	01 00 00 00			; Version/Reserved
	00 00 00 00			; Timestamp
	38 52 7b a8 c6 a4 ea 96		; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... Get answer and a refreshed cookie
; (we don't check the re-freshness here; it has its own unit test)
STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END

; Query with a hash-valid >60 minutes old cookie ...
STEP 69 TIME_PASSES ELAPSE 3601
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	01 00 00 00			; Version/Reserved
	00 00 07 09			; Timestamp (1801)
	77 81 38 e3 8f aa 72 86		; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get BADCOOKIE and a new cookie
STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
SECTION QUESTION
test. IN TXT
ENTRY_END

; Query with a valid future (<5 minutes) cookie ...
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
test. IN TXT
SECTION ADDITIONAL
HEX_EDNSDATA_BEGIN
	00 0a				; Opcode 10
	00 18				; Length 24
	31 32 33 34 35 36 37 38		; Random bits
	01 00 00 00			; Version/Reserved
	00 00 16 45			; Timestamp (1801 + 3601 + 299)
	4a f5 0f df f0 e8 c7 09		; Hash
HEX_EDNSDATA_END
ENTRY_END
; ... get an answer
STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all server_cookie
REPLY QR RD RA AA DO NOERROR
SECTION QUESTION
test. IN TXT
SECTION ANSWER
test. IN TXT "test"
ENTRY_END

SCENARIO_END