Hello All,
I’m currently working with BIND 9.19.24 and have successfully implemented EDNS
EDE (Extended DNS Error) with the following configuration:
    response-policy {
        zone "rpz.example.com" ede blocked;
    } add-soa false;
This correctly returns the OPT code 15 for a blocked response:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; OPT=15: 00 0f ("..")
I would like to add some additional text to the EDE response, such as a reason
for the block (e.g., "Blocked because – REASON").
According to RFC 5198, it should be possible to use an extra-text field:
EXTRA-TEXT:
A variable-length, UTF-8-encoded [RFC5198] text field that may hold additional
textual information. This information is intended for human consumption (not
automated parsing). The EDE text may be null terminated but MUST NOT be assumed
to be; the length MUST be derived from the OPTION-LENGTH field. The EXTRA-TEXT
field may be zero octets in length, indicating that there is no EXTRA-TEXT
included. Care should be taken not to include private information in the
EXTRA-TEXT field that an observer would not otherwise have access to, such as
account numbers.
However, I haven’t been able to find an option for extra-text in the BIND
configuration. Is this feature not supported yet, or is there a different
approach I should be using?
Thanks for your help!
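
As an added example (not part of the original post, and not BIND's own code): a minimal Python parser for the EDE option shown in the dig output above, taking the EXTRA-TEXT length from OPTION-LENGTH as the quoted definition requires. The function names, the sample byte strings, and the choice to strip non-printable characters are assumptions of this example.

```python
import struct

EDE_OPTION_CODE = 15  # EDNS option code for Extended DNS Error ("OPT=15" in dig)

def parse_edns_options(rdata: bytes):
    """Walk OPT RDATA as repeated (OPTION-CODE, OPTION-LENGTH, OPTION-DATA)."""
    options, offset = [], 0
    while offset < len(rdata):
        if offset + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if offset + length > len(rdata):
            raise ValueError("OPTION-LENGTH runs past end of RDATA")
        options.append((code, rdata[offset:offset + length]))
        offset += length
    return options

def parse_ede(data: bytes):
    """Split one EDE option's data into (INFO-CODE, EXTRA-TEXT)."""
    if len(data) < 2:
        raise ValueError("EDE option too short for INFO-CODE")
    (info_code,) = struct.unpack_from("!H", data)
    raw = data[2:]              # everything OPTION-LENGTH covers; may be empty
    if raw.endswith(b"\x00"):   # a NUL terminator is tolerated, never required
        raw = raw[:-1]
    text = raw.decode("utf-8", errors="replace")
    # Example's own choice: EXTRA-TEXT is untrusted, so drop control characters
    # before it reaches a terminal or log.
    return info_code, "".join(ch for ch in text if ch.isprintable())

def extract_ede(rdata: bytes):
    """Return every (INFO-CODE, EXTRA-TEXT) pair found in the OPT RDATA."""
    return [parse_ede(d) for code, d in parse_edns_options(rdata)
            if code == EDE_OPTION_CODE]

def ede_option(info_code: int, extra_text: bytes = b"") -> bytes:
    """Build an EDE option for the constructed samples below."""
    data = struct.pack("!H", info_code) + extra_text
    return struct.pack("!HH", EDE_OPTION_CODE, len(data)) + data

# Constructed samples: the bare option from the dig output, and two with text.
BARE = bytes.fromhex("000f0002000f")
WITH_TEXT = ede_option(15, "Blocked because \u2013 REASON".encode("utf-8"))
NUL_TERMINATED = ede_option(15, b"policy hit\x00")

if __name__ == "__main__":
    for sample in (BARE, WITH_TEXT, NUL_TERMINATED):
        print(extract_ede(sample))
```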