From 03b511b1a20e4d73e12d401b00fe235f1bea413a Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards"
Date: Wed, 31 Jul 2024 11:42:44 +0200
Subject: [PATCH] - Fix for #1114: Fix that cache fill for forward-host names is performed, so that with nonzero target-fetch-policy it fetches forwarder addresses and uses them from cache. Also updated that delegation point cache fill routines use CDflag for AAAA message lookups, so that its negative lookup stops a recursion since the cache uses the bit for disambiguation for dns64 but the recursion uses CDflag for the AAAA target lookups, so the check correctly stops a useless recursion by its cache lookup.
---
 doc/Changelog | 10 +++
 iterator/iterator.c | 5 ++
 services/cache/dns.c | 14 ++++
 testdata/fwd_name_lookup.rpl | 152 +++++++++++++++++++++++++++++++++++
 4 files changed, 181 insertions(+)
 create mode 100644 testdata/fwd_name_lookup.rpl
diff --git a/doc/Changelog b/doc/Changelog
index f6f943045..ec8024cc1 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,13 @@
+31 July 2024: Wouter
+ - Fix for #1114: Fix that cache fill for forward-host names is
+ performed, so that with nonzero target-fetch-policy it fetches
+ forwarder addresses and uses them from cache. Also updated that
+ delegation point cache fill routines use CDflag for AAAA message
+ lookups, so that its negative lookup stops a recursion since the
+ cache uses the bit for disambiguation for dns64 but the recursion
+ uses CDflag for the AAAA target lookups, so the check correctly
+ stops a useless recursion by its cache lookup.
+
 30 July 2024: Wouter
 - Fix to document parameters of auth_zone_verify_zonemd_with_key.
diff --git a/iterator/iterator.c b/iterator/iterator.c
index cddb02717..b348e9867 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -1560,6 +1560,11 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq,
 errinf(qstate, "malloc failure for forward zone");
 return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
 }
+ if(!cache_fill_missing(qstate->env, iq->qchase.qclass,
+ qstate->region, iq->dp)) {
+ errinf(qstate, "malloc failure, copy extra info into delegation point");
+ return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+ }
 if((qstate->query_flags&BIT_RD)==0) {
 /* If the server accepts RD=0 queries and forwards
 * with RD=1, then if the server is listed as an NS
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 60e79a2e7..5e74c3169 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -346,6 +346,13 @@ find_add_addrs(struct module_env* env, uint16_t qclass,
 * not use dns64 translation */
 neg = msg_cache_lookup(env, ns->name, ns->namelen,
 LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
+ /* Because recursion for lookup uses BIT_CD, check
+ * for that so it stops the recursion lookup, if a
+ * negative answer is cached. Because the cache uses
+ * the CD flag for type AAAA. */
+ if(!neg)
+ neg = msg_cache_lookup(env, ns->name, ns->namelen,
+ LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0);
 if(neg) {
 delegpt_add_neg_msg(dp, neg);
 lock_rw_unlock(&neg->entry.lock);
@@ -405,6 +412,13 @@ cache_fill_missing(struct module_env* env, uint16_t qclass,
 * not use dns64 translation */
 neg = msg_cache_lookup(env, ns->name, ns->namelen,
 LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
+ /* Because recursion for lookup uses BIT_CD, check
+ * for that so it stops the recursion lookup, if a
+ * negative answer is cached. Because the cache uses
+ * the CD flag for type AAAA. */
+ if(!neg)
+ neg = msg_cache_lookup(env, ns->name, ns->namelen,
+ LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0);
 if(neg) {
 delegpt_add_neg_msg(dp, neg);
 lock_rw_unlock(&neg->entry.lock);
diff --git a/testdata/fwd_name_lookup.rpl b/testdata/fwd_name_lookup.rpl
new file mode 100644
index 000000000..dbcfffba5
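Review bot: The new `cache_fill_missing()` call in the forward-zone branch has no comment, while the RD=0 branch right after it is explained; I would add `/* pick up cached addresses for forward-host names, so targets fetched under target-fetch-policy are used as forwarders */` above it. With this call the addresses that forwarded queries are sent to are taken from the shared cache on every request, so it is worth confirming that `cache_fill_missing` only accepts rrsets the cache trusts enough for that purpose, which this hunk does not show. The `errinf` text blames malloc, which is accurate only if allocation failure is the sole reason the function returns 0; that is presumed here. processInitRequest starts and ends outside the hunk.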
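Review bot: The seven lines added in find_add_addrs are repeated verbatim in the cache_fill_missing hunk that follows, so the two-step negative AAAA lookup (flags 0, then `BIT_CD`) now lives in two places that have to be kept in sync; a small static helper called from both would hold it once. The added comment also ends in a sentence fragment ("Because the cache uses the CD flag for type AAAA.") and would read better folded into the helper's header comment. A message stored under BIT_CD was presumably not validated, so it is worth confirming that its only effect here is to suppress a target lookup. Both function bodies start and end outside their hunks, and the parameter types in the sketch are assumed from the call sites and need checking against the file.

```c
/* Find a cached negative AAAA message for ns. Target lookups are made
 * with BIT_CD and the cache keys AAAA messages on that flag, so try the
 * plain entry first and the BIT_CD entry second. The caller unlocks the
 * returned entry; NULL if nothing is cached. */
static struct msgreply_entry*
neg_aaaa_lookup(struct module_env* env, struct delegpt_ns* ns,
	uint16_t qclass, time_t now)
{
	struct msgreply_entry* neg = msg_cache_lookup(env, ns->name,
		ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0);
	if(!neg)
		neg = msg_cache_lookup(env, ns->name, ns->namelen,
			LDNS_RR_TYPE_AAAA, qclass, BIT_CD, now, 0);
	return neg;
}

/* in find_add_addrs and in cache_fill_missing: */
neg = neg_aaaa_lookup(env, ns, qclass, now);
/* … unchanged: if(neg) { delegpt_add_neg_msg(dp, neg); unlock } … */
```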
--- /dev/null
+++ b/testdata/fwd_name_lookup.rpl
@@ -0,0 +1,152 @@
+; config options
+server:
+ # must have target-fetch-policy to fetch forward-host name.
+ target-fetch-policy: "3 2 1 0 0"
+ qname-minimisation: no
+ minimal-responses: no
+
+forward-zone:
+ name: "."
+ forward-addr: 1.2.3.4
+ forward-host: ns.example.com
+CONFIG_END
+
+SCENARIO_BEGIN Test forward with forward-host lookup for more addresses
+
+; Forward server
+RANGE_BEGIN 0 15
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN A
+SECTION ANSWER
+ns.example.com. IN A 1.2.3.4
+ns.example.com. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ns.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. IN SOA ns.example.com. host.example.com. 3 3600 300 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; The forward server gives no answers.
+RANGE_BEGIN 20 55
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR SERVFAIL
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+; The other forward server.
+RANGE_BEGIN 20 55
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+www2.example.com. IN A 1.2.3.7
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+www3.example.com. IN A 1.2.3.8
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 1.2.3.6
+ENTRY_END
+
+; The address 1.2.3.4 is not responding so it has to fail over to the
+; address from the name lookup.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www2.example.com. IN A
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www2.example.com. IN A
+SECTION ANSWER
+www2.example.com. IN A 1.2.3.7
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www3.example.com. IN A
+ENTRY_END
+
+STEP 50 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www3.example.com. IN A
+SECTION ANSWER
+www3.example.com. IN A 1.2.3.8
+ENTRY_END
+
+SCENARIO_END
--
2.47.2