set edns-subnet scope mask

author Peter van Dijk <peter.van.dijk@powerdns.com>

Fri, 23 May 2025 12:14:43 +0000 (14:14 +0200)

committer Miod Vallat <miod.vallat@powerdns.com>

Mon, 26 May 2025 11:49:13 +0000 (13:49 +0200)
author Peter van Dijk <peter.van.dijk@powerdns.com>
Fri, 23 May 2025 12:14:43 +0000 (14:14 +0200)
committer Miod Vallat <miod.vallat@powerdns.com>
Mon, 26 May 2025 11:49:13 +0000 (13:49 +0200)
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc

index f20b7e4400e5cd2f6e7213d39837d934811bae57..5f7407fa1e8bd6c14f26d2bd6ceff76bf45265e0 100644 (file)
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -369,8 +369,14 @@ void DNSPacket::wrapup(bool throwsOnTruncation)
  
        if(d_haveednssubnet) {
          EDNSSubnetOpts eso = d_eso;
-        // use the scopeMask from the resolver, if it is greater - issue #5469
-        maxScopeMask = max(maxScopeMask, eso.getScopePrefixLength());
+        if (!d_span.empty()) {
+          // if view handling set our span, we assume this is the best number
+          maxScopeMask = d_span.getBits();
+        }
+        else {
+          // use the scopeMask from the resolver, if it is greater - issue #5469
+          maxScopeMask = max(maxScopeMask, eso.getScopePrefixLength());
+        }
          eso.setScopePrefixLength(maxScopeMask);
  
          string opt = eso.makeOptString();
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index 019d8633daf5a766fded3b4b27a94a35152764e6..c85cb9eeea01a612ee2c7a4f2369940992ac0e98 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1926,6 +1926,10 @@ std::unique_ptr<DNSPacket> PacketHandler::opcodeQuery(DNSPacket& pkt, bool noCac
    if (opcodeQueryInner(pkt, state)) {
      doAdditionalProcessing(pkt, state.r);
  
+    // now that all processing is done, span and view may have been set, so we copy them
+    state.r->d_span = pkt.d_span;
+    state.r->d_view = pkt.d_view;
+
      for(const auto& loopRR: state.r->getRRS()) {
        if (loopRR.scopeMask != 0) {
          state.noCache=true;
diff --git a/regression-tests/tests/views/command b/regression-tests/tests/views/command

index 8a052a0b6bb931d369623e7ad2c68b7c6da094ed..06015b4afd898bb664583b5b3eea87f822856568 100755 (executable)
--- a/regression-tests/tests/views/command
+++ b/regression-tests/tests/views/command
@@ -1,9 +1,9 @@
  #!/bin/sh
-cleandig example.com TXT ednssubnet 192.0.2.0/32
-cleandig example.com TXT ednssubnet 192.0.2.200/32
+cleandig example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig example.com TXT ednssubnet 192.0.2.200/32 2>&1
  
-cleandig cname.example.com TXT ednssubnet 192.0.2.0/32
-cleandig cname.example.com TXT ednssubnet 192.0.2.200/32
+cleandig cname.example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig cname.example.com TXT ednssubnet 192.0.2.200/32 2>&1
  
-cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.0/32
-cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.200/32
+cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.200/32 2>&1
diff --git a/regression-tests/tests/views/expected_result.lmdb b/regression-tests/tests/views/expected_result.lmdb

index 475b068abf7db404feb9b697e79dcac0d31e2bb7..75e65fc10720d69900908e9f86bc28f814056180 100644 (file)
--- a/regression-tests/tests/views/expected_result.lmdb
+++ b/regression-tests/tests/views/expected_result.lmdb
@@ -1,26 +1,32 @@
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
  0      example.com.    3600    IN      TXT     "hello from the bar variant"
-2      .       0       IN      OPT     AAgACAABIADAAAIA
+2      .       0       IN      OPT     AAgACAABIBnAAAIA
  Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
  0      example.com.    3600    IN      TXT     "hello from the foo variant"
-2      .       0       IN      OPT     AAgACAABIADAAALI
+2      .       0       IN      OPT     AAgACAABIBjAAALI
  Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
  0      cname.example.com.      3600    IN      CNAME   target.example.org.
-2      .       0       IN      OPT     AAgACAABIADAAAIA
+2      .       0       IN      OPT     AAgACAABIBnAAAIA
  Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='cname.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
  0      cname.example.com.      3600    IN      CNAME   target.example.org.
  0      target.example.org.     3600    IN      TXT     "hello from target..foo"
-2      .       0       IN      OPT     AAgACAABIADAAALI
+2      .       0       IN      OPT     AAgACAABIBjAAALI
  Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='cname.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
  0      cname-nxd.example.com.  3600    IN      CNAME   nxd.example.org.
-2      .       0       IN      OPT     AAgACAABIADAAAIA
+2      .       0       IN      OPT     AAgACAABIBnAAAIA
  Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='cname-nxd.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
  0      cname-nxd.example.com.  3600    IN      CNAME   nxd.example.org.
  1      example.org.    3600    IN      SOA     a.misconfigured.dns.server.invalid. hostmaster.example.org. 0 10800 3600 604800 3600
-2      .       0       IN      OPT     AAgACAABIADAAALI
+2      .       0       IN      OPT     AAgACAABIBjAAALI
  Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='cname-nxd.example.com.', qtype=TXT
author	Peter van Dijk <peter.van.dijk@powerdns.com>
	Fri, 23 May 2025 12:14:43 +0000 (14:14 +0200)
committer	Miod Vallat <miod.vallat@powerdns.com>
	Mon, 26 May 2025 11:49:13 +0000 (13:49 +0200)
pdns/dnspacket.cc		patch \| blob \| blame \| history
pdns/packethandler.cc		patch \| blob \| blame \| history
regression-tests/tests/views/command		patch \| blob \| blame \| history
regression-tests/tests/views/expected_result.lmdb		patch \| blob \| blame \| history