send EDNS with SERVFAILs, e.g. on validation failures (!827) · Merge requests · Knot projects / Knot Resolver

Vladimír Čunát requested to merge opt-in-bogus into master Jun 18, 2019

Fixes https://gitlab.labs.nic.cz/knot/knot-resolver/issues/180. Extracted out of !794 (closed) and !660 (closed).

Large pipeline seems good: https://gitlab.labs.nic.cz/knot/knot-resolver/pipelines/49582 (earlier version: https://gitlab.labs.nic.cz/knot/knot-resolver/pipelines/49365)

Possible caveats: modules that want to produce a SERVFAIL will need to clear to_wire flags on RRs that shouldn't go into the answer (which depends on what the module wants to achieve). That's probably hard to avoid, as e.g. in case of CNAME chains we should use non-empty SERVFAILs anyway (but that will be fixed in !660 (closed) or similar).

Edited Jun 25, 2019 by Vladimír Čunát

Admin message

Admin message

send EDNS with SERVFAILs, e.g. on validation failures

Merge request reports