[Dnsmasq-discuss] [PATCH] Report filtered A or AAAA records via EDE code
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 30 17:28:04 UTC 2023
I just merged the branch I've been working on for the last week which
includes this patch, but much modified because the surrounding code has
changed. The function is unaltered.
The other changes are adding the ability to cache any RR-type, and the
ability to filter any RR-type. There's quite a bit of code cleanup in
the affected code paths too.
Simon.
On 21/03/2023 12:05, Petr Menšík wrote:
> On 3/17/23 19:08, Simon Kelley wrote:
>> I think that looks like a sensible change. I'm slightly worried about
>> the definition of EDE_FILTERED
>>
>> 4.18. Extended DNS Error Code 17 - Filtered
>> The server is unable to respond to the request because the domain is
>> on a blocklist as requested by the client. Functionally, this
>> amounts to "you requested that we filter domains like this one."
>>
>> Which talks about domains and not RRtypes. You can imagine a client
>> noting that a domain is filtered and not sending other queries for the
>> domain, when in this case they are fine, it's the RRtype which is
>> being filtered.
>>
>>
>> Simon.
>>
> Yes, I have noticed that too. But there does not seem to be any code
> better suited for filtered RRtypes. Do you know any software doing such
> decisions based on just EDE code? It would make sense to do so based on
> NXDOMAIN response, marked also with Filtered code. But by NOERROR
> response code we clearly indicate such domain is there and may return
> something for different types. I think response code has stronger
> authority than EDE code.
>
> Alternatively we would have to request another code registered for
> filtered types only. I think asking on dnsop for opinions would not hurt.
>
> Cheers,
> Petr
>
More information about the Dnsmasq-discuss
mailing list