+6 January 2026: Wouter
+ - Fix edns subnet, that scope zero queries, when there is a
+ subquery without subnet, and the forward-no-cache or
+ stub-no-cache option is set, it is not stored in cache due to
+ the forward or stub option.
+
31 December 2025: Yorgos
- Update the unbound-anchor man page to note write permissions of the
generated file if it is to be used with Unbound's
--- /dev/null
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ module-config: "subnetcache validator iterator"
+ verbosity: 4
+ qname-minimisation: no
+ ; the domain is not configured for edns-subnet
+ ;send-client-subnet: 1.2.3.4
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129
+
+stub-zone:
+ name: "example.com"
+ stub-addr: 1.2.3.4
+ stub-no-cache: yes
+CONFIG_END
+
+SCENARIO_BEGIN Test subnet cache with scope zero for global cache store.
+
+; the upstream server.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ;; we expect to receive empty
+HEX_EDNSDATA_END
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 21
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 30 50
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.1
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+; query for 0.0.0.0/0
+STEP 10 QUERY
+ENTRY_BEGIN
+HEX_ANSWER_BEGIN
+ 00 00 01 00 00 01 00 00 ;ID 0
+ 00 00 00 01 03 77 77 77 ; www.example.com A? (DO)
+ 07 65 78 61 6d 70 6c 65
+ 03 63 6f 6d 00 00 01 00
+ 01 00 00 29 10 00 00 00
+ 80 00 00 08
+
+ 00 08 00 04 ; OPC, optlen
+ 00 01 00 00 ; ip4, scope 0, source 0
+ ;0.0.0.0/0
+HEX_ANSWER_END
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ 00 08 ; OPC
+ 00 04 ; option length
+ 00 01 ; Family
+ 00 00 ; source mask, scopemask
+ ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+; It should not be in global cache.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ednsdata
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.1
+ENTRY_END
+
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
