diff --git a/pdns/dnsproxy.cc b/pdns/dnsproxy.cc index 3c5c07636cba..fde68ce3a758 100644 --- a/pdns/dnsproxy.cc +++ b/pdns/dnsproxy.cc @@ -270,12 +270,12 @@ void DNSProxy::mainloop() MOADNSParser mdp(false, p.getString()); if (p.d_eso.scope.isValid()){ // update the EDNS options with info from the resolver - issue #5469 - i->second.complete->d_eso = p.d_eso; + i->second.complete->d_eso.scope = p.d_eso.scope; DLOG(g_log<<"from dnsproxy::mainLoop: updated EDNS options from resolver EDNS source: "<second.complete->d_eso.source.toString()<<" EDNS scope: "<second.complete->d_eso.scope.toString()<second.qtype || (i->second.qtype == QType::ANY && (answer.first.d_type == QType::A || answer.first.d_type == QType::AAAA))) { diff --git a/pdns/stubresolver.cc b/pdns/stubresolver.cc index fc45b599f2c6..a8dc38e4a3bf 100644 --- a/pdns/stubresolver.cc +++ b/pdns/stubresolver.cc @@ -105,7 +105,7 @@ void stubParseResolveConf() } // s_resolversForStub contains the ComboAddresses that are used to resolve the -int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, EDNSSubnetOpts* d_eso) +int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, const EDNSSubnetOpts* d_eso) { // ensure resolver gets always configured if (!s_stubResolvConfigured) { @@ -125,7 +125,7 @@ int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& r pw.getHeader()->id=dns_random_uint16(); pw.getHeader()->rd=1; - if(d_eso != nullptr) + if (d_eso != nullptr) { // pass along EDNS subnet from client if given - issue #5469 string origECSOptionStr = makeEDNSSubnetOptsString(*d_eso); @@ -183,7 +183,7 @@ int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& r return RCode::ServFail; } -int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, EDNSSubnetOpts* d_eso) { +int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, const EDNSSubnetOpts* d_eso) { vector ret2; int res = stubDoResolve(qname, qtype, ret2, d_eso); for (const auto &r : ret2) { 
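Review bot: In the `DNSProxy::mainloop()` hunk of pdns/dnsproxy.cc the resolver's scope is still accepted on the sole condition `p.d_eso.scope.isValid()`; nothing visible compares the family or source prefix length of the upstream ECS option with what was sent. Copying only `scope` stops a resolver from rewriting the client's source in the reply. A scope of another address family, or one longer than the source family allows, would presumably still be merged into the client's option. Consider guarding the assignment with a family and length check against `i->second.complete->d_eso.source`, and recording the decision in a comment such as `// take only the scope from upstream; source address, family and prefix stay as the client sent them`. The body of `mainloop()` starts and ends outside the hunk.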
diff --git a/pdns/stubresolver.hh b/pdns/stubresolver.hh index 88f79f4cdfa9..061a3f368697 100644 --- a/pdns/stubresolver.hh +++ b/pdns/stubresolver.hh @@ -26,5 +26,5 @@ void stubParseResolveConf(); bool resolversDefined(); -int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, EDNSSubnetOpts* d_eso = nullptr); -int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, EDNSSubnetOpts* d_eso = nullptr); +int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, const EDNSSubnetOpts* d_eso = nullptr); +int stubDoResolve(const DNSName& qname, uint16_t qtype, vector& ret, const EDNSSubnetOpts* d_eso = nullptr); diff --git a/regression-tests.auth-py/test_ALIAS.py b/regression-tests.auth-py/test_ALIAS.py index dda27331bd5a..7499b4316b35 100644 --- a/regression-tests.auth-py/test_ALIAS.py +++ b/regression-tests.auth-py/test_ALIAS.py @@ -38,6 +38,7 @@ class TestALIAS(AuthTest): nxd.example.org. 3600 IN ALIAS nxd.example.com. servfail.example.org. 3600 IN ALIAS servfail.example.com. subnet.example.org. 3600 IN ALIAS subnet.example.com. +subnetwrong.example.org. 3600 IN ALIAS subnetwrong.example.com. """, } 
@@ -191,13 +192,36 @@ def testECS(self): self.assertEqual(res.options[0], ecso2) ecso = clientsubnetoption.ClientSubnetOption('2001:db8:db6:db5::', 64) - ecso2 = clientsubnetoption.ClientSubnetOption('2001:db8:db6::', 64, 48) + ecso2 = clientsubnetoption.ClientSubnetOption('2001:db8:db6:db5::', 64, 48) query = dns.message.make_query('subnet.example.org', 'A', use_edns=True, options=[ecso]) res = self.sendUDPQuery(query) self.assertRcodeEqual(res, dns.rcode.NOERROR) self.assertAnyRRsetInAnswer(res, expected_a) self.assertEqual(res.options[0], ecso2) + def testECSWrong(self): + expected_a = [dns.rrset.from_text('subnetwrong.example.org.', + 0, dns.rdataclass.IN, 'A', + '192.0.2.1')] + expected_aaaa = [dns.rrset.from_text('subnetwrong.example.org.', + 0, dns.rdataclass.IN, 'AAAA', + '2001:DB8::1')] + + ecso = clientsubnetoption.ClientSubnetOption('1.2.3.0', 24) # FIXME change all IPs to documentation space in this file + ecso2 = clientsubnetoption.ClientSubnetOption('1.2.3.0', 24, 22) + query = dns.message.make_query('subnetwrong.example.org', 'A', use_edns=True, options=[ecso]) + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.NOERROR) + self.assertAnyRRsetInAnswer(res, expected_a) + self.assertEqual(res.options[0], ecso2) + + ecso = clientsubnetoption.ClientSubnetOption('2001:db8:db6:db5::', 64) + ecso2 = clientsubnetoption.ClientSubnetOption('2001:db8:db6:db5::', 64, 48) + query = dns.message.make_query('subnetwrong.example.org', 'A', use_edns=True, options=[ecso]) + res = self.sendUDPQuery(query) + self.assertRcodeEqual(res, dns.rcode.NOERROR) + self.assertAnyRRsetInAnswer(res, expected_a) + self.assertEqual(res.options[0], ecso2) class AliasUDPResponder(DatagramProtocol): def datagramReceived(self, datagram, address): 
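Review bot: `expected_aaaa` in `testECSWrong` is built but never asserted; both queries ask for `'A'` and check `expected_a`, so no AAAA answer is verified for the mismatching upstream. Either drop the variable or add a query such as `query = dns.message.make_query('subnetwrong.example.org', 'AAAA', use_edns=True, options=[ecso])` followed by `self.assertAnyRRsetInAnswer(res, expected_aaaa)`, assuming the responder answers AAAA for this name. `res.options[0]` also raises IndexError rather than failing an assertion when the reply carries no option; `self.assertEqual(len(res.options), 1)` before it would make that failure readable.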
@@ -210,11 +234,15 @@ def datagramReceived(self, datagram, address): name = question.name name_text = name.to_text() - if name_text in ('noerror.example.com.', 'subnet.example.com.'): + if name_text in ('noerror.example.com.', 'subnet.example.com.', 'subnetwrong.example.com.'): do_ecs = False + do_ecs_wrong = False if name_text == 'subnet.example.com.': - do_ecs=True + do_ecs = True + elif name_text == 'subnetwrong.example.com.': + do_ecs = True + do_ecs_wrong = True response.set_rcode(dns.rcode.NOERROR) if question.rdtype in [dns.rdatatype.A, @@ -233,9 +261,9 @@ def datagramReceived(self, datagram, address): if do_ecs: if request.options[0].family == clientsubnetoption.FAMILY_IPV4: - ecso = clientsubnetoption.ClientSubnetOption('1.2.3.0', 24, 22) + ecso = clientsubnetoption.ClientSubnetOption('5.6.7.0' if do_ecs_wrong else '1.2.3.0', 24, 22) else: - ecso = clientsubnetoption.ClientSubnetOption('2001:db8:db6::', 64, 48) + ecso = clientsubnetoption.ClientSubnetOption('2600::' if do_ecs_wrong else '2001:db8:db6:db5::', 64, 48) response.use_edns(edns=True, options=[ecso]) if name_text == 'nxd.example.com.':
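Review bot: The mismatching responder in the last `datagramReceived` hunk changes only the address (`'5.6.7.0'`, `'2600::'`) and keeps family, source prefix length and scope identical to the good case. The test therefore does not cover an upstream that answers with another address family or a different source prefix length, which are the cases where merging the upstream scope into the client's option could go wrong. A further variant that returns, say, an IPv6 option for an IPv4 request would pin that behaviour. The new addresses are also outside documentation space, which the FIXME in `testECSWrong` already asks for; `'198.51.100.0' if do_ecs_wrong else '1.2.3.0'` and `'2001:db8:ffff:ffff::' if do_ecs_wrong else '2001:db8:db6:db5::'` would keep the mismatch. The function body continues outside the hunk.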