From b0b634558ba8af0d8b3e75abf34a6179237ffae6 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 6 Jan 2026 09:33:00 +0100 Subject: [PATCH] - Fix edns subnet, that scope zero queries, when there is a subquery without subnet, and the forward-no-cache or stub-no-cache option is set, it is not stored in cache due to the forward or stub option. This has the changelog entry and test. --- doc/Changelog | 6 + testdata/subnet_scopezero_global_nocache.crpl | 126 ++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 testdata/subnet_scopezero_global_nocache.crpl diff --git a/doc/Changelog b/doc/Changelog index 94cf509af..9001914f1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +6 January 2026: Wouter + - Fix edns subnet, that scope zero queries, when there is a + subquery without subnet, and the forward-no-cache or + stub-no-cache option is set, it is not stored in cache due to + the forward or stub option. + 31 December 2025: Yorgos - Update the unbound-anchor man page to note write permissions of the generated file if it is to be used with Unbound's diff --git a/testdata/subnet_scopezero_global_nocache.crpl b/testdata/subnet_scopezero_global_nocache.crpl new file mode 100644 index 000000000..3e8fbb25f --- /dev/null +++ b/testdata/subnet_scopezero_global_nocache.crpl @@ -0,0 +1,126 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + module-config: "subnetcache validator iterator" + verbosity: 4 + qname-minimisation: no + ; the domain is not configured for edns-subnet + ;send-client-subnet: 1.2.3.4 + +stub-zone: + name: "." + stub-addr: 193.0.14.129 + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 + stub-no-cache: yes +CONFIG_END + +SCENARIO_BEGIN Test subnet cache with scope zero for global cache store. + +; the upstream server. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 + +ENTRY_BEGIN +MATCH opcode qtype qname ednsdata +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + ;; we expect to receive empty +HEX_EDNSDATA_END +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 21 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 30 50 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.1 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; query for 0.0.0.0/0 +STEP 10 QUERY +ENTRY_BEGIN +HEX_ANSWER_BEGIN + 00 00 01 00 00 01 00 00 ;ID 0 + 00 00 00 01 03 77 77 77 ; www.example.com A? (DO) + 07 65 78 61 6d 70 6c 65 + 03 63 6f 6d 00 00 01 00 + 01 00 00 29 10 00 00 00 + 80 00 00 08 + + 00 08 00 04 ; OPC, optlen + 00 01 00 00 ; ip4, scope 0, source 0 + ;0.0.0.0/0 +HEX_ANSWER_END +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +SECTION ADDITIONAL +HEX_EDNSDATA_BEGIN + 00 08 ; OPC + 00 04 ; option length + 00 01 ; Family + 00 00 ; source mask, scopemask + ; address +HEX_EDNSDATA_END +ENTRY_END + +; It should not be in global cache. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD NOERROR +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ednsdata +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.1 +ENTRY_END + +SCENARIO_END