Hi Mukund, I notice you raised comments and also provided responses in the same thread. If you have additional comments on the draft, please start a new thread so they can be tracked and discussed separately.
Cheers, -Tiru On Fri, 20 Mar 2026 at 09:31, Mukund Sivaraman <[email protected]> wrote: > On Fri, Mar 20, 2026 at 03:49:51AM +0000, Mukund Sivaraman wrote: > > Loop currently returns "Forged Answer" in the EDE option in one case: > > for RPZ rewrites where the policy action is a record. The existing RFC > > 8194 INFO-CODES Filtered, Blocked and Censored would not apply to such a > > response, because these state "The server is unable to respond..." > > implying they are meant to be used in responses where there is no answer > > and the RCODE is NXDOMAIN or NODATA. > > > > Would Censored be the INFO-CODE that this draft wants us to use in this > > case? From RFC 8194: > > > > > 4.17. Extended DNS Error Code 16 - Censored > > > > > The server is unable to respond to the request because the domain is > > > on a blocklist due to an external requirement imposed by an entity > > > other than the operator of the server resolving or forwarding the > > > query. Note that how the imposed policy is applied is irrelevant > > > (in-band DNS filtering, court order, etc.). > > For RPZ policy action of record, we'll not return a structured DNS > error, but continue to return plain RFC 8918 EDE with INFO-CODE = 4 > (Forged Answer). > > Mukund > > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
