On Fri, Mar 20, 2026 at 03:49:51AM +0000, Mukund Sivaraman wrote:
> Loop currently returns "Forged Answer" in the EDE option in one case:
> for RPZ rewrites where the policy action is a record. The existing RFC
> 8194 INFO-CODES Filtered, Blocked and Censored would not apply to such a
> response, because these state "The server is unable to respond..."
> implying they are meant to be used in responses where there is no answer
> and the RCODE is NXDOMAIN or NODATA.
>
> Would Censored be the INFO-CODE that this draft wants us to use in this
> case? From RFC 8194:
>
> > 4.17. Extended DNS Error Code 16 - Censored
>
> > The server is unable to respond to the request because the domain is
> > on a blocklist due to an external requirement imposed by an entity
> > other than the operator of the server resolving or forwarding the
> > query. Note that how the imposed policy is applied is irrelevant
> > (in-band DNS filtering, court order, etc.).

For RPZ policy action of record, we'll not return a structured DNS
error, but continue to return plain RFC 8918 EDE with INFO-CODE = 4
(Forged Answer).

Mukund
_______________________________________________
DNSOP mailing list