On 3/17/23 19:08, Simon Kelley wrote:
I think that looks like a sensible change. I'm slightly worried about
the definition of EDE_FILTERED
4.18. Extended DNS Error Code 17 - Filtered
The server is unable to respond to the request because the domain is
on a blocklist as requested by the client. Functionally, this
amounts to "you requested that we filter domains like this one."
Which talks about domains and not RRtypes. You can imagine a client
noting that a domain is filtered and not sending other queries for the
domain, when in this case they are fine, it's the RRtype which is
being filtered.
Simon.
Yes, I have noticed that too. But there does not seem to be any code
better suited for filtered RRtypes. Do you know any software doing such
decisions based on just EDE code? It would make sense to do so based on
NXDOMAIN response, marked also with Filtered code. But by NOERROR
response code we clearly indicate such domain is there and may return
something for different types. I think response code has stronger
authority than EDE code.
Alternatively we would have to request another code registered for
filtered types only. I think asking on dnsop for opinions would not hurt.
Cheers,
Petr
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
