- A patch from SVN. It fixes a regression in IPv6 caching in

1.4.1 version.

dns/unbound/Makefile

@@ -7,6 +7,7 @@
 
 PORTNAME=	unbound
 PORTVERSION=	1.4.1
+PORTREVISION=	1
 CATEGORIES=	dns
 MASTER_SITES=	http://unbound.net/downloads/
 

dns/unbound/files/patch-fix-ipv6

@@ -0,0 +1,348 @@
+Index: iterator/iter_delegpt.c
+===================================================================
+--- iterator/iter_delegpt.c	(revision 1952)
++++ iterator/iter_delegpt.c	(revision 1953)
+@@ -154,11 +154,13 @@
+ 		/* ignore it */
+ 		return 1;
+ 	}
+-	if(addr_is_ip6(addr, addrlen))
+-		ns->got6 = 1;
+-	else	ns->got4 = 1;
+-	if(ns->got4 && ns->got6)
+-		ns->resolved = 1;
++	if(!lame) {
++		if(addr_is_ip6(addr, addrlen))
++			ns->got6 = 1;
++		else	ns->got4 = 1;
++		if(ns->got4 && ns->got6)
++			ns->resolved = 1;
++	}
+ 	return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, nodup);
+ }
+ 
+@@ -254,10 +256,11 @@
+ 			(dp->bogus?" BOGUS":"") );
+ 		}
+ 		for(a = dp->target_list; a; a = a->next_target) {
+-			if(a->bogus) 
+-				log_addr(VERB_ALGO, "  BOGUS ", 
+-					&a->addr, a->addrlen);
+-			else log_addr(VERB_ALGO, "  ", &a->addr, a->addrlen);
++			const char* str = "  ";
++			if(a->bogus && a->lame) str = "  BOGUS ADDR_LAME ";
++			else if(a->bogus) str = "  BOGUS ";
++			else if(a->lame) str = "  ADDR_LAME ";
++			log_addr(VERB_ALGO, str, &a->addr, a->addrlen);
+ 		}
+ 	}
+ }
+@@ -448,3 +451,13 @@
+ 		}
+ 	}
+ }
++
++void delegpt_no_ipv6(struct delegpt* dp)
++{
++	struct delegpt_ns* ns;
++	for(ns = dp->nslist; ns; ns = ns->next) {
++		/* no ipv6, so only ipv4 is enough to resolve a nameserver */
++		if(ns->got4)
++			ns->resolved = 1;
++	}
++}
+Index: iterator/iter_delegpt.h
+===================================================================
+--- iterator/iter_delegpt.h	(revision 1952)
++++ iterator/iter_delegpt.h	(revision 1953)
+@@ -314,4 +314,11 @@
+  */
+ void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg);
+ 
++/**
++ * Register the fact that there is no ipv6 and thus AAAAs are not going 
++ * to be queried for or be useful.
++ * @param dp: the delegation point. Updated to reflect no ipv6.
++ */
++void delegpt_no_ipv6(struct delegpt* dp);
++
+ #endif /* ITERATOR_ITER_DELEGPT_H */
+Index: iterator/iterator.c
+===================================================================
+--- iterator/iterator.c	(revision 1952)
++++ iterator/iterator.c	(revision 1953)
+@@ -1305,6 +1305,8 @@
+ 		verbose(VERB_QUERY, "Failed to get a delegation, giving up");
+ 		return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
+ 	}
++	if(!ie->supports_ipv6)
++		delegpt_no_ipv6(iq->dp);
+ 	delegpt_log(VERB_ALGO, iq->dp);
+ 
+ 	if(iq->num_current_queries>0) {
+Index: doc/Changelog
+===================================================================
+--- doc/Changelog	(revision 1952)
++++ doc/Changelog	(revision 1953)
+@@ -1,3 +1,11 @@
++8 January 2010: Wouter
++	- Fix for parent-child disagreement code which could have trouble
++	  when (a) ipv6 was disabled and (b) the TTL for parent and child
++	  were different.  There were two bugs, the parent-side information
++	  is fixed to no longer block lookup of child side information and
++	  the iterator is fixed to no longer attempt to get ipv6 when it is
++	  not enabled and then give up in failure.
++
+ 7 January 2010: Wouter
+ 	- Fixup python documentation (thanks Leo Vandewoestijne).
+ 	- Work on cache prefetch feature.
+Index: testdata/iter_pcttl.rpl
+===================================================================
+--- testdata/iter_pcttl.rpl	(revision 0)
++++ testdata/iter_pcttl.rpl	(revision 1953)
+@@ -0,0 +1,245 @@
++; config options
++server:
++	target-fetch-policy: "0 0 0 0 0"
++	do-ip6: no
++
++stub-zone:
++	name: "."
++	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
++CONFIG_END
++
++SCENARIO_BEGIN Test cache ttls where parent child differ in ttl
++; and the lameness for parent suddenly becomes the only information point.
++
++; K.ROOT-SERVERS.NET.
++RANGE_BEGIN 0 100
++	ADDRESS 193.0.14.129 
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY QR NOERROR
++SECTION QUESTION
++. IN NS
++SECTION ANSWER
++. IN NS	K.ROOT-SERVERS.NET.
++SECTION ADDITIONAL
++K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode subdomain
++ADJUST copy_id copy_query
++REPLY QR NOERROR
++SECTION QUESTION
++com. IN NS
++SECTION AUTHORITY
++com.	IN NS	a.gtld-servers.net.
++SECTION ADDITIONAL
++a.gtld-servers.net.	IN 	A	192.5.6.30
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode subdomain
++ADJUST copy_id copy_query
++REPLY QR NOERROR
++SECTION QUESTION
++net. IN NS
++SECTION AUTHORITY
++net.	IN NS	e.gtld-servers.net.
++SECTION ADDITIONAL
++e.gtld-servers.net.	IN 	A	192.12.94.30
++ENTRY_END
++
++RANGE_END
++
++; a.gtld-servers.net.
++RANGE_BEGIN 0 100
++	ADDRESS 192.5.6.30
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY QR NOERROR
++SECTION QUESTION
++com. IN NS
++SECTION ANSWER
++com.	IN NS	a.gtld-servers.net.
++SECTION ADDITIONAL
++a.gtld-servers.net.	IN 	A	192.5.6.30
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode subdomain
++ADJUST copy_id copy_query
++REPLY QR NOERROR
++SECTION QUESTION
++example.com. IN NS
++SECTION AUTHORITY
++example.com.	IN NS	ns.foo.com.
++SECTION ADDITIONAL
++;ns.foo.com.	200 	IN 	A	1.2.3.44
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode subdomain
++ADJUST copy_id copy_query
++REPLY QR NOERROR
++SECTION QUESTION
++foo.com. IN NS
++SECTION AUTHORITY
++foo.com.	200 IN NS	ns.foo.com.
++SECTION ADDITIONAL
++ns.foo.com.	200 	IN 	A	1.2.3.44
++ENTRY_END
++
++RANGE_END
++
++; e.gtld-servers.net.
++RANGE_BEGIN 0 100
++	ADDRESS 192.12.94.30
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY QR NOERROR
++SECTION QUESTION
++net. IN NS
++SECTION ANSWER
++net.	IN NS	e.gtld-servers.net.
++SECTION ADDITIONAL
++e.gtld-servers.net.	IN 	A	192.12.94.30
++ENTRY_END
++
++RANGE_END
++
++; ns.foo.com.
++; The parent-IP version
++RANGE_BEGIN 0 100
++	ADDRESS 1.2.3.44
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY AA QR NOERROR
++SECTION QUESTION
++foo.com. IN NS
++SECTION ANSWER
++foo.com.	200 IN NS	ns.foo.com.
++SECTION ADDITIONAL
++ns.foo.com.	100 	IN 	A	1.2.3.44
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY AA QR NOERROR
++SECTION QUESTION
++ns.foo.com. IN A
++SECTION ANSWER
++ns.foo.com. 100 IN A	1.2.3.44
++SECTION AUTHORITY
++foo.com.	200 IN NS	ns.foo.com.
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY AA QR NOERROR
++SECTION QUESTION
++ns.foo.com. IN AAAA
++SECTION AUTHORITY
++foo.com.    100 IN SOA . . 1 2 3 4 5
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY AA QR NOERROR
++SECTION QUESTION
++example.com. IN NS
++SECTION ANSWER
++example.com.	200 IN NS	ns.foo.com.
++ENTRY_END
++
++ENTRY_BEGIN
++MATCH opcode qtype qname
++ADJUST copy_id
++REPLY AA QR NOERROR
++SECTION QUESTION
++www.example.com. IN A
++SECTION ANSWER
++www.example.com. 100 IN A	10.20.30.40
++SECTION AUTHORITY
++example.com.	200 IN NS	ns.foo.com.
++SECTION ADDITIONAL
++ns.foo.com 	100 IN A 	1.2.3.44
++ENTRY_END
++RANGE_END
++
++; NOT USED.  The parent side equals child side but not in the cache.
++; and they have different TTLs only.
++; ns.foo.com
++; The child IP version.   Does not respond to anything (servfail instead
++; of timeouts since this is easier to encode in .rpl file format).
++RANGE_BEGIN 0 100
++	ADDRESS 1.2.3.55
++ENTRY_BEGIN
++MATCH opcode 
++ADJUST copy_id copy_query
++REPLY QR SERVFAIL
++SECTION QUESTION
++foo.com. IN NS
++SECTION ANSWER
++ENTRY_END
++
++RANGE_END
++
++STEP 1 QUERY
++ENTRY_BEGIN
++REPLY RD
++SECTION QUESTION
++www.example.com. IN A
++ENTRY_END
++
++; recursion happens here.
++STEP 20 CHECK_ANSWER
++ENTRY_BEGIN
++MATCH all
++REPLY QR RD RA NOERROR
++SECTION QUESTION
++www.example.com. IN A
++SECTION ANSWER
++www.example.com. 100 IN A	10.20.30.40
++SECTION AUTHORITY
++example.com.	100 IN NS	ns.foo.com.
++; scrubbed off
++;SECTION ADDITIONAL
++;ns.foo.com 	IN A 	1.2.3.44
++ENTRY_END
++
++; Now we wait 101 seconds, and the child data is gone,
++; but the parent-side was cached for 200 and it still there.
++
++STEP 30 TIME_PASSES ELAPSE 101
++
++STEP 40 QUERY
++ENTRY_BEGIN
++REPLY RD
++SECTION QUESTION
++www.example.com. IN A
++ENTRY_END
++
++; recursion happens here.
++STEP 50 CHECK_ANSWER
++ENTRY_BEGIN
++MATCH all
++REPLY QR RD RA NOERROR
++SECTION QUESTION
++www.example.com. IN A
++SECTION ANSWER
++www.example.com. 100 IN A	10.20.30.40
++SECTION AUTHORITY
++example.com.	100 IN NS	ns.foo.com.
++; scrubbed off
++;SECTION ADDITIONAL
++;ns.foo.com 	IN A 	1.2.3.44
++ENTRY_END
++
++SCENARIO_END