extended DNS errors support
Credit for the original prototype (!794 (closed)) goes to Stéphane Bortzmeyer and Vladimír Čunát. Supersedes !794 (closed).
EDE codes
Used
- 0 - Other
- 3 - Stale Answer
- 4 - Forged Answer
- 6 - DNSSEC Bogus
- 7 - Signature Expired
- 8 - Signature Not Yet Valid
- 10 - RRSIGs Missing
- 12 - NSEC Missing
- 15 - Blocked
- 18 - Prohibited
- 20 - Not Authoritative
- 21 - Not Supported
- 22 - No Reachable Authority
Unused
- 1 - Unsupported DNSKEY Algorithm: we use Other(0) instead
- 2 - Unsupported DS Digest Type: we use Other(0) instead
- 5 - DNSSEC Indeterminate
- 9 - DNSKEY Missing: we use DNSSEC Bogus(6) instead
- 11 - No Zone Key Bit Set: we use DNSSEC Bogus(6) instead
- 13 - Cached Error
- 14 - Not Ready
- 16 - Censored: possible to use with DENY_MSG
- 17 - Filtered: possible to use with DENY_MSG
- 19 - Stale NXDOMAIN Answer: we use Stale Answer(3) instead
- 23 - Network Error
- 24 - Invalid Data
TODOs
- figure out remaining TODOs in code
- do we want any test coverage? how?
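For anyone checking a resolver's responses against the lists above, here is an added example (not code from this merge request or from Knot Resolver) that extracts EDE options from OPT RDATA using the RFC 8914 wire layout. The names `struct ede`, `ede_parse`, `ede_expected` and `sample_rdata` are hypothetical, and the substitutions in `ede_expected` are taken only from the Used/Unused lists in the description.

```c
#include <stddef.h>
#include <stdint.h>

#define EDNS_OPT_EDE 15 /* EDNS option code of Extended DNS Error (RFC 8914) */
struct ede { uint16_t info_code; const uint8_t *text; size_t text_len; };

/* Walk OPT RDATA (repeated: 2-byte code, 2-byte length, value) and copy up to
 * `max` EDE options into `out`. Returns the number stored, or -1 if malformed. */
int ede_parse(const uint8_t *rd, size_t len, struct ede *out, int max)
{
    int n = 0;
    for (size_t pos = 0; pos < len; ) {
        if (len - pos < 4) return -1;            /* truncated option header */
        uint16_t code = (uint16_t)((rd[pos] << 8) | rd[pos + 1]);
        size_t olen = (size_t)((rd[pos + 2] << 8) | rd[pos + 3]);
        pos += 4;
        if (olen > len - pos) return -1;         /* value overruns the RDATA */
        if (code == EDNS_OPT_EDE) {
            if (olen < 2) return -1;             /* INFO-CODE is mandatory */
            if (n < max) {
                out[n].info_code = (uint16_t)((rd[pos] << 8) | rd[pos + 1]);
                out[n].text = rd + pos + 2;      /* EXTRA-TEXT, not NUL-terminated */
                out[n].text_len = olen - 2;
                n++;
            }
        }
        pos += olen;
    }
    return n;
}

/* Code a client should expect for a given cause, following the Used/Unused
 * lists in the description; -1 means no EDE is listed for that cause. */
int ede_expected(int cause)
{
    switch (cause) {
    case 1: case 2:  return 0;  /* unsupported DNSKEY alg / DS digest -> Other */
    case 9: case 11: return 6;  /* DNSKEY missing / no zone key bit -> DNSSEC Bogus */
    case 19:         return 3;  /* stale NXDOMAIN -> Stale Answer */
    case 0: case 3: case 4: case 6: case 7: case 8: case 10:
    case 12: case 15: case 18: case 20: case 21: case 22:
        return cause;           /* codes on the Used list */
    default:         return -1; /* Unused with no substitute, or unknown */
    }
}

/* Constructed sample: a COOKIE option (code 10) followed by EDE 6 "bogus". */
static const uint8_t sample_rdata[] = {
    0x00, 0x0a, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8,
    0x00, 0x0f, 0x00, 0x07, 0x00, 0x06, 'b', 'o', 'g', 'u', 's' };
```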
Activity
changed milestone to %5.5.0
added feature label
mentioned in merge request !794 (closed)
added 16 commits
- 6dc8afd7 - lib/resolve: kr_extended_error_t and related func
- f23af8e7 - lib/log: add LOG_GRP_EDE
- 9e4d0e1a - modules/extended_error: OPT section modification
- de7928fa - validate: add extended DNS errors
- a8a8fdc0 - validate: refactor - remove check for impossible return values
- 43fdd775 - validate: additional EDE DNSSEC errors
- efe878ea - modules/extended_error: package module
- f0c2eeff - logging: remove QVERBOSE in favor of kr_log_q
- 80b9c267 - ede: add KNOT_EDNS_EDE_NREACH_AUTH
- 74d60983 - ede: handle stale answers
- 70eb1898 - ede: handle not authoritative
- eb7218ff - kluautil: kr_string2c function
- de70556d - lua: extended_error const table
- 2eecadff - modules/dns64: EDE - mark as forged
- 0c3d8ad5 - policy: add extended errors
- 4d6695bd - libknot: bump dependency version to 3.0.2
added 1 commit
- e39dd1e1 - fixup! libknot: bump dependency version to 3.0.2
marked this merge request as draft from e39dd1e1
- Resolved by Tomas Krizek
I wonder if each line that sets an EDE should put some code into the error message, allowing us to uniquely identify origin of the error. As the EDE codes themselves don't carry that much information, I suspect these could get very useful in debugging, and they could be rather cheap (a couple bytes).
- Resolved by Tomas Krizek
- Resolved by Vladimír Čunát
added 1 commit
- b28e9f65 - fixup! validate: additional EDE DNSSEC errors
added 5 commits
- Resolved by Vladimír Čunát
mentioned in merge request !1239 (merged)