22 Srp
2016
22 Srp
'16
13:59
Hi everybody!
Today I wrote some code to test support for DNS Cookies. But unfortunately
I couldn't find any servers supporting DNS Cookies.
Of course this is most likely an error in my code.
I couldn't find anything in the documentation, so my question is, does knot
2.3.0 support DNS Cookies?
Could someone please point me to a server supporting DNS Cookies?
What would be a good test?
Right now I do send a query with a cookie and see if I get a cookie in
return.
Kind Regards
Ulrich
--
Ulrich Wisser
ulrich(a)wisser.se
22 Srp
22 Srp
14:19
Hello Ulrich,
Knot DNS doesn't support DNS cookies (yet). But Knot Resolver 1.1.0
does, both in the server and client role.
As for other authoritatives, BIND should support the cookies AFAIK. But
I haven't tried.
Cheers,
Jan
On 22.8.2016 13:59, Ulrich Wisser wrote:
Hi everybody!
Today I wrote some code to test support for DNS Cookies. But
unfortunately I couldn't find any servers supporting DNS Cookies.
Of course this is most likely an error in my code.
I couldn't find anything in the documentation, so my question is, does
knot 2.3.0 support DNS Cookies?
Could someone please point me to a server supporting DNS Cookies?
What would be a good test?
Right now I do send a query with a cookie and see if I get a cookie in
return.
Kind Regards
Ulrich
--
Ulrich Wisser
ulrich(a)wisser.se <mailto:ulrich@wisser.se>
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
14:49
As for other authoritatives, BIND should support the
cookies AFAIK. But
I haven't tried.
BIND 9.11 does which is due to be released within the next weeks. I'm
testing BIND 9.11b3 internally but unfortunately not on a public
reachable IP address. I also have a BIND 9.11b3 host as a resolver
configured. "bad cookie" responses are logged in the "resolver" log
category. So, I'm not sure the following auth. servers are good
candidates to test your code ;-)
85.195.97.250
2a01:7480:1:100
89.25.242.242
185.60.169.2
193.93.22.133
Daniel
24 Srp
24 Srp
13:07
Hi Daniel!
Thank you for the pointers to some cookie enabled servers!
I tried my code and I see a strange behavior. I even checked with wireshark.
I do send a request with the cookie option. The response contains a cookie
opt from the server, but I do not get back my client cookie.
My understanding of the RFC7873 is that the server copies the client cookie
from the client request and appends its own server cookie.
Here is what I see
Server 212.80.96.32 Port 53 Zone interconnect.ch
Send Cookie 0x329dadee3437b0d1
Client Cookie 0xf34d81b343a10000 Server Cookie
0x40cec0ebbf00000040cec0ebbf000000
Test9 failure! Client cookie did not match
I tested with several doing something wrong?
/Ulrich
Daniel Stirnimann <daniel.stirnimann(a)switch.ch> schrieb am Mo., 22. Aug.
2016 um 14:49 Uhr:
--
Ulrich Wisser
ulrich(a)wisser.se
As for other
authoritatives, BIND should support the cookies AFAIK. But
I haven't tried.
BIND 9.11 does which is due to be released within the next weeks. I'm
testing BIND 9.11b3 internally but unfortunately not on a public
reachable IP address. I also have a BIND 9.11b3 host as a resolver
configured. "bad cookie" responses are logged in the "resolver" log
category. So, I'm not sure the following auth. servers are good
candidates to test your code ;-)
85.195.97.250
2a01:7480:1:100
89.25.242.242
185.60.169.2
193.93.22.133
Daniel
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
13:18
Hello Ulrich,
I believe you are testing your code against broken implementations!
That's why my resolver logged the error "bad cookie". You need to look
elsewhere...
Daniel
On 24.08.16 13:07, Ulrich Wisser wrote:
Hi Daniel!
Thank you for the pointers to some cookie enabled servers!
I tried my code and I see a strange behavior. I even checked with wireshark.
I do send a request with the cookie option. The response contains a
cookie opt from the server, but I do not get back my client cookie.
My understanding of the RFC7873 is that the server copies the client
cookie from the client request and appends its own server cookie.
Here is what I see
Server 212.80.96.32 Port 53 Zone interconnect.ch <http://interconnect.ch>
Send Cookie 0x329dadee3437b0d1
Client Cookie 0xf34d81b343a10000 Server Cookie
0x40cec0ebbf00000040cec0ebbf000000
Test9 failure! Client cookie did not match
I tested with several doing something wrong?
/Ulrich
Daniel Stirnimann <daniel.stirnimann(a)switch.ch
<mailto:daniel.stirnimann@switch.ch>> schrieb am Mo., 22. Aug. 2016 um
14:49 Uhr:
As for other authoritatives, BIND should support
the cookies
AFAIK. But
I haven't tried.
BIND 9.11 does which is due to be released within the next weeks. I'm
testing BIND 9.11b3 internally but unfortunately not on a public
reachable IP address. I also have a BIND 9.11b3 host as a resolver
configured. "bad cookie" responses are logged in the "resolver"
log
category. So, I'm not sure the following auth. servers are good
candidates to test your code ;-)
85.195.97.250
2a01:7480:1:100
89.25.242.242
185.60.169.2
193.93.22.133
Daniel
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz <mailto:knot-dns-users@lists.nic.cz>
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
Ulrich Wisser
ulrich(a)wisser.se <mailto:ulrich@wisser.se>
2937
days inactive
2939
days old
4 comments
3 participants
participants (3)
-
Daniel Stirnimann -
Jan Včelák -
Ulrich Wisser