I am attempting to implement support for Structured DNS Error on a
branch. Some questions as it's not clear from the draft:
(1) When a client queries with the EDNS SDE option in the query, what is
the server behavior when there is a non-filtered non-other EDE response?
For example, if the EDE INFO-CODE is "Unsupported NSEC3 Iterations
Value" (27) or "Rate Limited" (28), should a plain RFC 8914 option be
returned or a structured DNS error be returned with the "j" (and
optionally "c" and "o") fields populated?
(2) From the draft:
> If the query includes the SDE option as per Section 5.1, the server
> MUST NOT return the "Forged Answer" extended error code because the
> client can take advantage of EDE's more sophisticated error reporting
> (e.g., "Filtered", "Blocked"). Continuing to send "Forged Answer" even
> to an EDE-supporting client will cause the persistence of the
> drawbacks described in Section 3.
What INFO-CODE instead of 4 (Forged Answer) does the server return in
this case alongside the JSON EXTRA-TEXT?
Or is this RFC stating that a plain RFC 8914 EXTRA-TEXT must not be
returned?
Mukund
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
