Skip to content

extended DNS errors support

Tomas Krizek requested to merge extended-errors into master

Credit for the original prototype (!794 (closed)) goes to Stéphane Bortzmeyer and Vladimír Čunát. Supersedes !794 (closed).

EDE codes

Used

  • 0 - Other
  • 3 - Stale Answer
  • 4 - Forged Answer
  • 6 - DNSSEC Bogus
  • 7 - Signature Expired
  • 8 - Signature Not Yet Valid
  • 10 - RRSIGs Missing
  • 12 - NSEC Missing
  • 15 - Blocked
  • 18 - Prohibited
  • 20 - Not Authoritative
  • 21 - Not Supported
  • 22 - No Reachable Authority

Ununsed

  • 1 - Unsupported DNSKEY Algorithm: we use Other(0) instead
  • 2 - Unsupported DS Digest Type: we use Other(0) instead
  • 5 - DNSSEC Indeterminate
  • 9 - DNSKEY Missing: we use DNSSEC Bogus(6) instead
  • 11 - No Zone Key Bit Set: we use DNSSEC Bogus(6) instead
  • 13 - Cached Error
  • 14 - Not Ready
  • 16 - Censored: possible to use with DENY_MSG
  • 17 - Filtered: possible to use with DENY_MSG
  • 19 - Stale NXDOMAIN Answer: we use Stale Answer(3) instead
  • 23 - Network Error
  • 24 - Invalid Data

TODOs

  • figure out remaining TODOs in code
  • do we want any test coverage? how?
Edited by Tomas Krizek

Merge request reports