[Dnsmasq-discuss] [PATCH] Report filtered A or AAAA records via EDE code

Petr Menšík pemensik at redhat.com
Tue Mar 21 12:05:12 UTC 2023


On 3/17/23 19:08, Simon Kelley wrote:
> I think that looks like a sensible change. I'm slightly worried about 
> the definition of EDE_FILTERED
>
> 4.18. Extended DNS Error Code 17 - Filtered
>     The server is unable to respond to the request because the domain is
>     on a blocklist as requested by the client. Functionally, this
>     amounts to "you requested that we filter domains like this one."
>
> Which talks about domains and not RRtypes. You can imagine a client 
> noting that a domain is filtered and not sending other queries for the 
> domain, when in this case they are fine, it's the RRtype which is 
> being filtered.
>
>
> Simon.
>
Yes, I have noticed that too. But there does not seem to be any code
better suited for filtered RRtypes. Do you know of any software making such
decisions based on just the EDE code? It would make sense to do so based on
an NXDOMAIN response also marked with the Filtered code. But with a NOERROR
response code we clearly indicate that such a domain is there and may return
something for different types. I think the response code has stronger
authority than the EDE code.

Alternatively we would have to request another code registered for 
filtered types only. I think asking on dnsop for opinions would not hurt.

Cheers,
Petr

-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
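
The distinction argued in this message, as an added example that is not part of the thread or of dnsmasq: a client-side check that reads the RCODE first and treats EDE 17 only as an annotation. The function names, the `example.test` name and the response bytes are constructed for illustration.

```python
import struct

EDE_OPTION = 15      # EDNS option code carrying Extended DNS Errors (RFC 8914)
EDE_FILTERED = 17    # info-code "Filtered", as quoted in the thread
NOERROR, NXDOMAIN = 0, 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # pointer is 2 bytes, root label 1

def parse(msg):
    """Return (rcode, answer_count, [EDE info-codes]) from a DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # QTYPE + QCLASS
    codes = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == 41 and pos + 4 <= len(rdata):   # OPT pseudo-RR options
            code, olen = struct.unpack_from("!HH", rdata, pos)
            if code == EDE_OPTION and olen >= 2:
                codes.append(struct.unpack_from("!H", rdata, pos + 4)[0])
            pos += 4 + olen
    return flags & 0xF, an, codes          # low 4 RCODE bits only

def classify(msg):
    """The RCODE decides whether the name exists; EDE only annotates it."""
    rcode, an, codes = parse(msg)
    if EDE_FILTERED not in codes:
        return "unfiltered"
    if rcode == NXDOMAIN:
        return "name-filtered"      # whole name reported as nonexistent
    if rcode == NOERROR and an == 0:
        return "type-filtered"      # NODATA: other RRtypes may still resolve
    return "filtered-other"

def build(rcode, qtype, info=EDE_FILTERED):
    """Constructed sample: empty response for example.test with one EDE option."""
    q = b"\x07example\x04test\x00" + struct.pack("!HH", qtype, 1)
    ede = struct.pack("!HHH", EDE_OPTION, 2, info)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(ede)) + ede
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 0, 0, 1) + q + opt
```

A client that keys only on the info-code would treat both constructed responses the same; `classify` keeps querying other types for the NOERROR case.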



