/* Store the response in cache. */
if( (!iq || !iq->started_no_cache_store) &&
+ !qstate->is_subnet_answer &&
qstate->return_msg &&
qstate->return_msg->rep &&
!dns_cache_store(
/* Store the generated response in cache. */
if ( (!super_dq || !super_dq->started_no_cache_store) &&
+ !super->is_subnet_answer &&
!dns_cache_store(super->env, &super->qinfo, super->return_msg->rep,
0, super->prefetch_leeway, 0, NULL, super->query_flags,
qstate->qstarttime, qstate->is_valrec))
to Qifan Zhang, Palo Alto Networks, for the report.
- Fix, in depth, for respip rewrite of dns64 responses. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
+ - Fix that dns64 with subnetcache does not write ECS scoped
+ answers to global cache. Thanks to Qifan Zhang, Palo Alto
+ Networks, for the report.
26 May 2026: Wouter
- Fix for mesh new client and mesh new callback to rollback the
subnet_ecs_opt_list_append(&sq->ecs_client_out,
&qstate->edns_opts_front_out, qstate,
qstate->region);
+ qstate->is_subnet_answer = 1;
}
sq->wait_subquery_done = 0;
qstate->ext_state[id] = module_finished;
qstate->env->cfg->prefetch)) {
sne->num_msg_cache++;
lock_rw_unlock(&sne->biglock);
+ qstate->is_subnet_answer = 1;
verbose(VERB_QUERY, "subnetcache: answered from cache");
qstate->ext_state[id] = module_finished;
subnet_ecs_opt_list_append(&sq->ecs_client_out,
&qstate->edns_opts_front_out, qstate,
qstate->region);
+ qstate->is_subnet_answer = 1;
if(verbosity >= VERB_ALGO) {
subnet_log_print("reply has edns subnet",
edns_opt_list_find(
--- /dev/null
+server:
+ target-fetch-policy: "0 0 0 0 0"
+ access-control: 0.0.0.0/0 allow
+ send-client-subnet: 5.0.15.10
+ max-client-subnet-ipv4: 24
+ verbosity: 3
+ module-config: "dns64 subnetcache iterator"
+ qname-minimisation: no
+ minimal-responses: yes
+ dns64-prefix: 64:ff9b::0/96
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Subnet with DNS64 lookup
+
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+a.gtld-servers.net. IN AAAA
+SECTION AUTHORITY
+net. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
+SECTION ADDITIONAL
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 5.0.15.10
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 100
+ ADDRESS 5.0.15.10
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ;; we expect to receive empty
+HEX_EDNSDATA_END
+ns.example.com. IN A 5.0.15.10
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ;; we expect to receive empty
+HEX_EDNSDATA_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_query copy_ednsdata_assume_clientsubnet
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 4.3.0.3
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ; client is 10.0.3.0
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 18 00 ; source mask, scopemask
+ 0a 00 03 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_query copy_ednsdata_assume_clientsubnet
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 4.3.0.4
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ; client is 10.0.4.0
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 18 00 ; source mask, scopemask
+ 0a 00 04 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_query copy_ednsdata_assume_clientsubnet
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN AAAA 2001:db8::3
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ; client is 10.0.3.0
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 18 00 ; source mask, scopemask
+ 0a 00 03 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id copy_query copy_ednsdata_assume_clientsubnet
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+www.example.com. IN AAAA 2001:db8::4
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+ ; client is 10.0.4.0
+ 00 08 ; OPC
+ 00 07 ; option length
+ 00 01 ; Family
+ 18 00 ; source mask, scopemask
+ 0a 00 04 ; address
+HEX_EDNSDATA_END
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY ADDRESS 10.0.3.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+;www.example.com. IN A 4.3.0.3
+www.example.com. IN AAAA 2001:db8::3
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+STEP 10 QUERY ADDRESS 10.0.4.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN AAAA
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN AAAA
+SECTION ANSWER
+;www.example.com. IN A 4.3.0.4
+www.example.com. IN AAAA 2001:db8::4
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
projects / thirdparty / unbound.git / commitdiff
