4 cookie-secret: "000102030405060708090a0b0c0d0e0f"
5 access-control: 127.0.0.1 allow_cookie
6 access-control: 1.2.3.4 allow
7 local-data: "test. TXT test"
11 SCENARIO_BEGIN Test downstream DNS Cookies
13 ; Note: When a valid hash was required, it was generated by running this test
14 ; with an invalid one and checking the output for the valid one.
15 ; Actual hash generation is tested with unit tests.
17 ; Query without a client cookie ...
24 ; ... get TC and refused
28 REPLY QR RD RA TC REFUSED
33 ; Query without a client cookie on TCP ...
45 REPLY QR RD RA AA NOERROR
52 ; Query with only a client cookie ...
62 31 32 33 34 35 36 37 38 ; Random bits
65 ; ... get BADCOOKIE and a new cookie
68 MATCH all server_cookie
69 REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
74 ; Query with an invalid cookie ...
84 31 32 33 34 35 36 37 38 ; Random bits
85 02 00 00 00 ; wrong version
86 00 00 00 00 ; Timestamp
87 31 32 33 34 35 36 37 38 ; wrong hash
90 ; ... get BADCOOKIE and a new cookie
93 MATCH all server_cookie
94 REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
99 ; Query with an invalid cookie from a non-cookie protected address ...
100 STEP 40 QUERY ADDRESS 1.2.3.4
109 31 32 33 34 35 36 37 38 ; Random bits
110 02 00 00 00 ; wrong version
111 00 00 00 00 ; Timestamp
112 31 32 33 34 35 36 37 38 ; wrong hash
115 ; ... get answer and a cookie
118 MATCH all server_cookie
119 REPLY QR RD RA AA DO NOERROR
126 ; Query with a valid cookie ...
136 31 32 33 34 35 36 37 38 ; Random bits
137 01 00 00 00 ; Version/Reserved
138 00 00 00 00 ; Timestamp
139 38 52 7b a8 c6 a4 ea 96 ; Hash
142 ; ... get answer and the cookie
145 MATCH all server_cookie
146 REPLY QR RD RA AA DO NOERROR
153 ; Query with a valid >30 minutes old cookie ...
154 STEP 59 TIME_PASSES ELAPSE 1801
164 31 32 33 34 35 36 37 38 ; Random bits
165 01 00 00 00 ; Version/Reserved
166 00 00 00 00 ; Timestamp
167 38 52 7b a8 c6 a4 ea 96 ; Hash
170 ; ... Get answer and a refreshed cookie
171 ; (we don't check the re-freshness here; it has its own unit test)
174 MATCH all server_cookie
175 REPLY QR RD RA AA DO NOERROR
182 ; Query with a hash-valid >60 minutes old cookie ...
183 STEP 69 TIME_PASSES ELAPSE 3601
193 31 32 33 34 35 36 37 38 ; Random bits
194 01 00 00 00 ; Version/Reserved
195 00 00 07 09 ; Timestamp (1801)
196 77 81 38 e3 8f aa 72 86 ; Hash
199 ; ... get BADCOOKIE and a new cookie
202 MATCH all server_cookie
203 REPLY QR RD RA DO YXRRSET ; BADCOOKIE is an extended rcode
208 ; Query with a valid future (<5 minutes) cookie ...
218 31 32 33 34 35 36 37 38 ; Random bits
219 01 00 00 00 ; Version/Reserved
220 00 00 16 45 ; Timestamp (1801 + 3601 + 299)
221 4a f5 0f df f0 e8 c7 09 ; Hash
227 MATCH all server_cookie
228 REPLY QR RD RA AA DO NOERROR