- unbound-control cache_lookup +t allows tld and root names. And

subnet cache contents are printed.
Changelog, documentation and unit test.

doc/Changelog

@@ -1,3 +1,7 @@
+15 August 2025: Wouter
+	- unbound-control cache_lookup +t allows tld and root names. And
+	  subnet cache contents are printed.
+
 14 August 2025: Wouter
 	- Fix to increase responsiveness of dump_cache.
 	- Fix to decouple file descriptor activity and cache lookups in

doc/unbound-control.rst

@@ -386,10 +386,16 @@ There are several commands that the server understands.
     Not supported in remote Unbounds in multi-process operation.
 
 
-@@UAHL@unbound-control.commands@cache_lookup@@ *names*
+@@UAHL@unbound-control.commands@cache_lookup@@ [``+t``] *names*
     Print to stdout the RRsets and messages that are in the cache.
     For every name listed the content at or under the name is printed.
     Several names separated by spaces can be given, each is printed.
+    When subnetcache is enabled, also matching entries from the subnet
+    cache are printed.
+
+    The ``+t`` option allows tld and root names.
+    With it names like 'com' and '.' can be used, but it takes a lot of
+    effort to look up in the cache.
 
 
 @@UAHL@unbound-control.commands@lookup@@ *name*

smallapp/unbound-control.c

@@ -143,7 +143,8 @@ usage(void)
 	printf("  load_cache			load cache from stdin\n");
 	printf("				(not supported in remote unbounds in\n");
 	printf("				multi-process operation)\n");
-	printf("  cache_lookup <names>		print rrsets and msgs at or under the names\n");
+	printf("  cache_lookup [+t] <names>	print rrsets and msgs at or under the names\n");
+	printf("		+t		allow tld and root names.\n");
 	printf("  lookup <name>			print nameservers for name\n");
 	printf("  flush [+c] <name>			flushes common types for name from cache\n");
 	printf("  				types:  A, AAAA, MX, PTR, NS,\n");

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.conf

@@ -0,0 +1,36 @@
+server:
+	verbosity: 7
+	# num-threads: 1
+	interface: 127.0.0.1
+	interface: 127.0.0.1@@PROXYPORT@
+	port: @PORT@
+	proxy-protocol-port: @PROXYPORT@
+	access-control: 1.0.0.0/8 allow
+	use-syslog: no
+	directory: ""
+	pidfile: "unbound.pid"
+	chroot: ""
+	username: ""
+	do-not-query-localhost: no
+	target-fetch-policy: "0 0 0 0 0"
+	send-client-subnet: 127.0.0.1
+	max-client-subnet-ipv4: 17
+	module-config: "subnetcache iterator"
+	qname-minimisation: no
+	minimal-responses: no
+remote-control:
+	control-enable: yes
+	control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@
+	control-use-cert: no
+stub-zone:
+	name: "."
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"
+stub-zone:
+	name: "example.com"
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"
+stub-zone:
+	name: "example.net"
+	stub-prime: no
+	stub-addr: "127.0.0.1@@TOPORT@"

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.dsc

@@ -0,0 +1,16 @@
+BaseName: subnet_cache_lookup
+Version: 1.0
+Description: Subnet cache contents with unbound-control cache_lookup
+CreationDate: Fri Aug 15 11:00:00 CEST 2025
+Maintainer: dr. W.C.A. Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: subnet_cache_lookup.pre
+Post: subnet_cache_lookup.post
+Test: subnet_cache_lookup.test
+AuxFiles: 
+Passed:
+Failure:

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.post

@@ -0,0 +1,15 @@
+# #-- subnet_cache_lookup.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+PRE="../.."
+. ../common.sh
+echo "> cat logfiles"
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID
+cat fwd.log 
+cat unbound.log

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.pre

@@ -0,0 +1,42 @@
+# #-- subnet_cache_lookup.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+if grep "define CLIENT_SUBNET 1" $PRE/config.h; then echo test enabled; else skip_test "test skipped"; fi
+
+get_make
+(cd $PRE; $MAKE streamtcp)
+
+get_random_port 3
+UNBOUND_PORT=$RND_PORT
+PROXY_PORT=$(($RND_PORT + 1))
+FWD_PORT=$(($RND_PORT + 2))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT subnet_cache_lookup.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+CONTROL_PATH=/tmp
+CONTROL_PID=$$
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@PROXYPORT\@/'$PROXY_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < subnet_cache_lookup.conf > ub.conf
+# start unbound in the background
+$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test
+echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.test

@@ -0,0 +1,121 @@
+# #-- subnet_cache_lookup.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+# do the test
+echo "> dig www.example.com."
+dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 1
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 10
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+if grep SERVFAIL outfile; then
+	echo "> try again"
+	sleep 10
+	dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile
+fi
+#echo "> cat logfiles"
+#cat fwd.log 
+#cat unbound.log
+echo "> check answer"
+if grep www.example.com outfile | grep "10.20.30.40"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> unbound-control status"
+$PRE/unbound-control -c ub.conf status
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+else
+	echo "exit value: OK"
+fi
+
+echo "> unbound-control cache_lookup example.com"
+$PRE/unbound-control -c ub.conf cache_lookup example.com 2>&1 | tee outfile
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+fi
+echo "> check unbound-control output"
+if grep "subnet" outfile; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> use proxy-protocol to put more addresses in the edns subnet cache"
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.1.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.41"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.2.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.42"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.3.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.43"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+$PRE/streamtcp -f 127.0.0.1@$PROXY_PORT -p 1.4.3.4 www.example.net. A IN | tee outfile
+if grep www.example.net outfile | grep "10.20.30.44"; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+echo "> unbound-control cache_lookup example.net"
+$PRE/unbound-control -c ub.conf cache_lookup example.net 2>&1 | tee outfile
+if test $? -ne 0; then
+	echo "wrong exit value."
+	exit 1
+fi
+echo "> check unbound-control output"
+if grep "subnet" outfile; then
+	echo "OK"
+else
+	echo "Not OK"
+	exit 1
+fi
+
+exit 0

testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.testns

@@ -0,0 +1,181 @@
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS test.ns.
+SECTION ADDITIONAL
+test.ns. IN A 127.0.0.1
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+;MATCH opcode qtype qname ednsdata
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A	10.20.30.40
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 127.0.0.1
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 11 		; source mask, scopemask
+	7f 00 00 	; address
+HEX_EDNSDATA_END
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN SOA
+SECTION ANSWER
+example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.1.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 01 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.41
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 29
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 01 00                        ;1.1.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.2.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 02 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.42
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2a
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 02 00                        ;1.2.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.3.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 03 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.43
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2b
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 03 00                        ;1.3.0.0/17
+HEX_ANSWER_END
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname ednsdata
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.net. IN A
+SECTION ADDITIONAL
+HEX_EDNSDATA_BEGIN
+			; client is 1.4.3.4
+	00 08 		; OPC
+	00 07 		; option length
+	00 01 		; Family
+	11 00 		; source mask, scopemask
+	01 04 00 	; address
+HEX_EDNSDATA_END
+HEX_ANSWER_BEGIN
+        00 00 84 00 00 01 00 01         ;ID 0, QR AA
+        00 00 00 01 03 77 77 77         ; www.example.net. A? (DO)
+        07 65 78 61 6d 70 6c 65
+        03 6e 65 74 00 00 01 00
+        01
+					; www.example.net. A 10.20.30.44
+	03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00
+	00 01 00 01 00 00 0e 10 00 04
+	0a 14 1e 2c
+
+	00 00 29 10 00 00 00
+        80 00 00 0b
+        00 08 00 07                     ; OPC, optlen
+        00 01 11 11                     ; ip4, scope 17, source 17
+        01 04 00                        ;1.4.0.0/17
+HEX_ANSWER_END
+ENTRY_END