From 62b9718f6364ffee871b19c9db40c163563eecae Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 20 Jan 2025 14:08:02 +0100
Subject: [PATCH] Fix invalid scope test to do what I think is actually
 intended

---
 pdns/recursordist/lwres.cc                   | 2 +-
 regression-tests.recursor-dnssec/test_ECS.py | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/pdns/recursordist/lwres.cc b/pdns/recursordist/lwres.cc
index acf6d01cb9..c87701f015 100644
--- a/pdns/recursordist/lwres.cc
+++ b/pdns/recursordist/lwres.cc
@@ -599,7 +599,7 @@ static LWResult::Result asyncresolve(const ComboAddress& address, const DNSName&
 
       // If we sent out ECS, we can also expect to see a return with or without ECS, the absent case is
       // not handled explicitly. If we do see a ECS in the reply, the source part *must* match with
-      // what we sent out See https://www.rfc-editor.org/rfc/rfc7871#section-7.3
+      // what we sent out. See https://www.rfc-editor.org/rfc/rfc7871#section-7.3
       if (subnetOpts) {
         for (const auto& opt : edo.d_options) {
           if (opt.first == EDNSOptionCode::ECS) {
diff --git a/regression-tests.recursor-dnssec/test_ECS.py b/regression-tests.recursor-dnssec/test_ECS.py
index 29a75cf1e2..e3934e3ab6 100644
--- a/regression-tests.recursor-dnssec/test_ECS.py
+++ b/regression-tests.recursor-dnssec/test_ECS.py
@@ -481,9 +481,9 @@ ecs-ipv6-cache-bits=128
 
     def testSendECSInvalidScope(self):
         # test that the recursor does not cache with a more specific scope than the source it sent
-        expected = dns.rrset.from_text(nameECSInvalidScope, ttlECS, dns.rdataclass.IN, 'TXT', '192.0.2.0/24')
+        expected = dns.rrset.from_text(nameECSInvalidScope, ttlECS, dns.rdataclass.IN, 'TXT', '192.0.2.0/24/25')
 
-        ecso = clientsubnetoption.ClientSubnetOption('192.0.2.1', 32)
+        ecso = clientsubnetoption.ClientSubnetOption('192.0.2.1', 24)
         query = dns.message.make_query(nameECSInvalidScope, 'TXT', 'IN', use_edns=True, options=[ecso], payload=512)
 
         self.sendECSQuery(query, expected)
@@ -623,7 +623,8 @@ class UDPECSResponder(DatagramProtocol):
 
                     # Send a scope more specific than the received source for nameECSInvalidScope
                     if request.question[0].name == dns.name.from_text(nameECSInvalidScope):
-                        ecso = clientsubnetoption.ClientSubnetOption("192.0.42.42", 32, 32)
+                        ecso = clientsubnetoption.ClientSubnetOption("192.0.2.1", 24, 25)
+                        text += "/25"
                     else:
                         ecso = clientsubnetoption.ClientSubnetOption(self.ipToStr(option), option.mask, option.mask)
 
-- 
2.47.2