From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Fri, 23 May 2025 12:14:43 +0000 (+0200)
Subject: set edns-subnet scope mask
X-Git-Tag: auth-5.0.0-alpha1~1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1f7eee7dd27fc3999fe5a04c66115be0dca4791;p=thirdparty%2Fpdns.git

set edns-subnet scope mask
---

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index f20b7e4400..5f7407fa1e 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -369,8 +369,14 @@ void DNSPacket::wrapup(bool throwsOnTruncation)
 
       if(d_haveednssubnet) {
         EDNSSubnetOpts eso = d_eso;
-        // use the scopeMask from the resolver, if it is greater - issue #5469
-        maxScopeMask = max(maxScopeMask, eso.getScopePrefixLength());
+        if (!d_span.empty()) {
+          // if view handling set our span, we assume this is the best number
+          maxScopeMask = d_span.getBits();
+        }
+        else {
+          // use the scopeMask from the resolver, if it is greater - issue #5469
+          maxScopeMask = max(maxScopeMask, eso.getScopePrefixLength());
+        }
         eso.setScopePrefixLength(maxScopeMask);
 
         string opt = eso.makeOptString();
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 019d8633da..c85cb9eeea 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1926,6 +1926,10 @@ std::unique_ptr<DNSPacket> PacketHandler::opcodeQuery(DNSPacket& pkt, bool noCac
   if (opcodeQueryInner(pkt, state)) {
     doAdditionalProcessing(pkt, state.r);
 
+    // now that all processing is done, span and view may have been set, so we copy them
+    state.r->d_span = pkt.d_span;
+    state.r->d_view = pkt.d_view;
+
     for(const auto& loopRR: state.r->getRRS()) {
       if (loopRR.scopeMask != 0) {
         state.noCache=true;
diff --git a/regression-tests/tests/views/command b/regression-tests/tests/views/command
index 8a052a0b6b..06015b4afd 100755
--- a/regression-tests/tests/views/command
+++ b/regression-tests/tests/views/command
@@ -1,9 +1,9 @@
 #!/bin/sh
-cleandig example.com TXT ednssubnet 192.0.2.0/32
-cleandig example.com TXT ednssubnet 192.0.2.200/32
+cleandig example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig example.com TXT ednssubnet 192.0.2.200/32 2>&1
 
-cleandig cname.example.com TXT ednssubnet 192.0.2.0/32
-cleandig cname.example.com TXT ednssubnet 192.0.2.200/32
+cleandig cname.example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig cname.example.com TXT ednssubnet 192.0.2.200/32 2>&1
 
-cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.0/32
-cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.200/32
+cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.0/32 2>&1
+cleandig cname-nxd.example.com TXT ednssubnet 192.0.2.200/32 2>&1
diff --git a/regression-tests/tests/views/expected_result.lmdb b/regression-tests/tests/views/expected_result.lmdb
index 475b068abf..75e65fc107 100644
--- a/regression-tests/tests/views/expected_result.lmdb
+++ b/regression-tests/tests/views/expected_result.lmdb
@@ -1,26 +1,32 @@
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
 0	example.com.	3600	IN	TXT	"hello from the bar variant"
-2	.	0	IN	OPT	AAgACAABIADAAAIA
+2	.	0	IN	OPT	AAgACAABIBnAAAIA
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
 0	example.com.	3600	IN	TXT	"hello from the foo variant"
-2	.	0	IN	OPT	AAgACAABIADAAALI
+2	.	0	IN	OPT	AAgACAABIBjAAALI
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
 0	cname.example.com.	3600	IN	CNAME	target.example.org.
-2	.	0	IN	OPT	AAgACAABIADAAAIA
+2	.	0	IN	OPT	AAgACAABIBnAAAIA
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='cname.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
 0	cname.example.com.	3600	IN	CNAME	target.example.org.
 0	target.example.org.	3600	IN	TXT	"hello from target..foo"
-2	.	0	IN	OPT	AAgACAABIADAAALI
+2	.	0	IN	OPT	AAgACAABIBjAAALI
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='cname.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.0/32, scope: 192.0.2.0/25, family = 2
 0	cname-nxd.example.com.	3600	IN	CNAME	nxd.example.org.
-2	.	0	IN	OPT	AAgACAABIADAAAIA
+2	.	0	IN	OPT	AAgACAABIBnAAAIA
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='cname-nxd.example.com.', qtype=TXT
+EDNS Subnet response: 192.0.2.200/32, scope: 192.0.2.0/24, family = 2
 0	cname-nxd.example.com.	3600	IN	CNAME	nxd.example.org.
 1	example.org.	3600	IN	SOA	a.misconfigured.dns.server.invalid. hostmaster.example.org. 0 10800 3600 604800 3600
-2	.	0	IN	OPT	AAgACAABIADAAALI
+2	.	0	IN	OPT	AAgACAABIBjAAALI
 Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='cname-nxd.example.com.', qtype=TXT