Merge pull request #12698 from omoerbeek/rec-synthesized

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)

committer GitHub <noreply@github.com>

Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)
committer GitHub <noreply@github.com>
Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)
diff --git a/pdns/recursordist/ednsextendederror.hh b/pdns/recursordist/ednsextendederror.hh

index 600aa14534429b41a7ef1280a7ce9f795f53daf1..5b264fcf69b6f2985ac39d8b5ba9a01e25ff924a 100644 (file)
--- a/pdns/recursordist/ednsextendederror.hh
+++ b/pdns/recursordist/ednsextendederror.hh
@@ -50,7 +50,12 @@ struct EDNSExtendedError
      NotSupported = 21,
      NoReachableAuthority = 22,
      NetworkError = 23,
-    InvalidData = 24
+    InvalidData = 24,
+    SignatureExpiredBeforeValid = 25,
+    TooEarly = 26,
+    UnsupportedNSEC3IterationsValue = 27,
+    UnableToConformToPolicy = 28,
+    Synthesized = 29,
    };
    uint16_t infoCode;
    std::string extraText;
diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc

index 6c22c9ddbede1368bb4b8486cee7c7b43ae32d6e..f26c6fc5937b0beb0e99a4ec4eafcbdd9be0b40c 100644 (file)
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -2757,7 +2757,7 @@ bool SyncRes::doCacheCheck(const DNSName& qname, const DNSName& authname, bool w
      giveNegative = true;
      cachedState = ne.d_validationState;
      if (s_addExtendedResolutionDNSErrors) {
-      context.extendedError = EDNSExtendedError{0, "Result synthesized by root-nx-trust"};
+      context.extendedError = EDNSExtendedError{static_cast<uint16_t>(EDNSExtendedError::code::Synthesized), "Result synthesized by root-nx-trust"};
      }
    }
    else if (g_negCache->get(qname, qtype, d_now, ne, false, d_serveStale, d_refresh)) {
@@ -2779,13 +2779,13 @@ bool SyncRes::doCacheCheck(const DNSName& qname, const DNSName& authname, bool w
            LOG(prefix << qname << "|" << qtype << ": Is negatively cached via '" << ne.d_auth << "' for another " << sttl << " seconds" << endl);
            res = RCode::NoError;
            if (s_addExtendedResolutionDNSErrors) {
-            context.extendedError = EDNSExtendedError{0, "Result from negative cache"};
+            context.extendedError = EDNSExtendedError{static_cast<uint16_t>(EDNSExtendedError::code::Synthesized), "Result from negative cache"};
            }
          }
          else {
            LOG(prefix << qname << ": Entire name '" << qname << "' is negatively cached via '" << ne.d_auth << "' for another " << sttl << " seconds" << endl);
            if (s_addExtendedResolutionDNSErrors) {
-            context.extendedError = EDNSExtendedError{0, "Result from negative cache for entire name"};
+            context.extendedError = EDNSExtendedError{static_cast<uint16_t>(EDNSExtendedError::code::Synthesized), "Result from negative cache for entire name"};
            }
          }
        }
@@ -2811,7 +2811,7 @@ bool SyncRes::doCacheCheck(const DNSName& qname, const DNSName& authname, bool w
            cachedState = ne.d_validationState;
            LOG(prefix << qname << ": Name '" << negCacheName << "' and below, is negatively cached via '" << ne.d_auth << "' for another " << sttl << " seconds" << endl);
            if (s_addExtendedResolutionDNSErrors) {
-            context.extendedError = EDNSExtendedError{0, "Result synthesized by nothing-below-nxdomain (RFC8020)"};
+            context.extendedError = EDNSExtendedError{static_cast<uint16_t>(EDNSExtendedError::code::Synthesized), "Result synthesized by nothing-below-nxdomain (RFC8020)"};
            }
            break;
          }
@@ -2973,7 +2973,7 @@ bool SyncRes::doCacheCheck(const DNSName& qname, const DNSName& authname, bool w
      if (g_aggressiveNSECCache->getDenial(d_now.tv_sec, qname, qtype, ret, res, d_cacheRemote, d_routingTag, d_doDNSSEC, LogObject(prefix))) {
        context.state = vState::Secure;
        if (s_addExtendedResolutionDNSErrors) {
-        context.extendedError = EDNSExtendedError{0, "Result synthesized from aggressive NSEC cache (RFC8198)"};
+        context.extendedError = EDNSExtendedError{static_cast<uint16_t>(EDNSExtendedError::code::Synthesized), "Result synthesized from aggressive NSEC cache (RFC8198)"};
        }
        return true;
      }
diff --git a/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py b/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py

index 35588e33c6d7356c95dbb790ae2c821ff425837e..2ff833efcd58efff054d0686a5e6daecb08c3559 100644 (file)
--- a/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py
+++ b/regression-tests.recursor-dnssec/test_AggressiveNSECCache.py
@@ -93,7 +93,7 @@ class AggressiveNSECCacheBase(RecursorTest):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
  class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
      _confdir = 'AggressiveNSECCacheNSEC'
@@ -131,7 +131,7 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def testWildcard(self):
          self.wipe()
@@ -158,7 +158,7 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # now we ask for a type that does not exist at the wildcard
          hits = self.getMetric('aggressive-nsec-cache-nsec-hits')
@@ -173,7 +173,7 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # we can also ask a different type, for a different name that is covered
          # by the NSEC and matches the wildcard (but the type does not exist)
@@ -189,7 +189,7 @@ class AggressiveNSECCacheNSEC(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def test_Bogus(self):
          self.wipe()
@@ -303,7 +303,7 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def testWildcard(self):
          self.wipe()
@@ -336,7 +336,7 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # now we ask for a type that does not exist at the wildcard
          nbQueries = self.getMetric('all-outqueries')
@@ -349,7 +349,7 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
          # we can also ask a different type, for a different name that is covered
          # by the NSEC3s and matches the wildcard (but the type does not exist)
@@ -363,7 +363,7 @@ class AggressiveNSECCacheNSEC3(AggressiveNSECCacheBase):
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized from aggressive NSEC cache (RFC8198)'))
  
      def test_OptOut(self):
          self.wipe()
diff --git a/regression-tests.recursor-dnssec/test_RootNXTrust.py b/regression-tests.recursor-dnssec/test_RootNXTrust.py

index 21254b4db272ee38b28e82b5fc36e04d6ff87129..cb1133641b3e8114101e74931a407c23fd6a929c 100644 (file)
--- a/regression-tests.recursor-dnssec/test_RootNXTrust.py
+++ b/regression-tests.recursor-dnssec/test_RootNXTrust.py
@@ -138,4 +138,4 @@ extended-resolution-errors
          self.assertEqual(res.edns, 0)
          self.assertEqual(len(res.options), 1)
          self.assertEqual(res.options[0].otype, 15)
-        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(0, b'Result synthesized by root-nx-trust'))
+        self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(29, b'Result synthesized by root-nx-trust'))
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)
committer	GitHub <noreply@github.com>
	Mon, 3 Apr 2023 11:10:46 +0000 (13:10 +0200)
pdns/recursordist/ednsextendederror.hh		patch \| blob \| blame \| history
pdns/recursordist/syncres.cc		patch \| blob \| blame \| history
regression-tests.recursor-dnssec/test_AggressiveNSECCache.py		patch \| blob \| blame \| history
regression-tests.recursor-dnssec/test_RootNXTrust.py		patch \| blob \| blame \| history