From: Remi Gacogne Date: Tue, 17 Nov 2020 08:28:14 +0000 (+0100) Subject: rec: Rename the EDE setting to 'extended-resolution-errors' X-Git-Tag: auth-4.4.0-beta1~2^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=699bc10a395f1b740970cd780aef1cb9be4a7b52;p=thirdparty%2Fpdns.git rec: Rename the EDE setting to 'extended-resolution-errors' Also make RPZ and Lua EDE independent of that setting. --- diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index d81529d1e7..ddaa7274a1 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -246,7 +246,7 @@ static std::set s_avoidUdpSourcePorts; static uint16_t s_minUdpSourcePort; static uint16_t s_maxUdpSourcePort; static double s_balancingFactor; -static bool s_addExtendedDNSErrors; +static bool s_addExtendedResolutionDNSErrors; RecursorControlChannel s_rcc; // only active in the handler thread RecursorStats g_stats; @@ -1874,7 +1874,7 @@ static void startDoResolve(void *p) if (haveEDNS) { auto state = sr.getValidationState(); - if (s_addExtendedDNSErrors && (dc->d_extendedErrorCode || vStateIsBogus(state))) { + if (dc->d_extendedErrorCode || (s_addExtendedResolutionDNSErrors && vStateIsBogus(state))) { EDNSExtendedError::code code; std::string extra; @@ -4681,7 +4681,7 @@ static int serviceMain(int argc, char*argv[]) g_statisticsInterval = ::arg().asNum("statistics-interval"); - s_addExtendedDNSErrors = ::arg().mustDo("extended-errors"); + s_addExtendedResolutionDNSErrors = ::arg().mustDo("extended-resolution-errors"); { SuffixMatchNode dontThrottleNames; @@ -5424,7 +5424,7 @@ int main(int argc, char **argv) ::arg().set("unique-response-pb-tag", "If protobuf is configured, the tag to use for messages containing unique DNS responses. Defaults to 'pdns-udr'")="pdns-udr"; #endif /* NOD_ENABLED */ - ::arg().setSwitch("extended-errors", "If set, send the EDNS Extended Error extension on DNSSEC validation failures")="no"; + ::arg().setSwitch("extended-resolution-errors", "If set, send an EDNS Extended Error extension on resolution failures, like DNSSEC validation errors")="no"; ::arg().setCmd("help","Provide a helpful message"); ::arg().setCmd("version","Print version string"); diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index e3055d03d6..41dd600804 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -621,16 +621,16 @@ If set, all hostnames in the `export-etc-hosts`_ file are loaded in canonical fo So an entry called 'pc' with ``export-etc-hosts-search-suffix='home.com'`` will lead to the generation of 'pc.home.com' within the recursor. An entry called 'server1.home' will be stored as 'server1.home', regardless of this setting. -.. _setting-extended-errors: +.. _setting-extended-resolution-errors: -``extended-errors`` -------------------- +``extended-resolution-errors`` +------------------------------ .. versionadded:: 4.5.0 - Boolean - Default: no -If set, the recursor will add an EDNS Extended Error (:rfc:`8914`) to responses failing DNSSEC validation, explaining the failure. Enabling this setting will also allow setting custom error codes from Lua or from a RPZ hit. +If set, the recursor will add an EDNS Extended Error (:rfc:`8914`) to responses when resolution failed, like DNSSEC validation errors, explaining the reason it failed. This setting is not needed to allow setting custom error codes from Lua or from a RPZ hit. .. _setting-forward-zones: diff --git a/regression-tests.recursor-dnssec/test_ExtendedErrors.py b/regression-tests.recursor-dnssec/test_ExtendedErrors.py index 357f762d2b..df88990df5 100644 --- a/regression-tests.recursor-dnssec/test_ExtendedErrors.py +++ b/regression-tests.recursor-dnssec/test_ExtendedErrors.py @@ -20,7 +20,7 @@ disable-syslog=yes log-common-errors=yes """ _config_template = """ - extended-errors=yes + extended-resolution-errors=yes """ _lua_config_file = """ rpzFile('configs/%s/zone.rpz', { policyName="zone.rpz.", extendedErrorCode=15, extendedErrorExtra='Blocked by RPZ!'}) @@ -220,7 +220,7 @@ disable-syslog=yes log-common-errors=yes """ _config_template = """ - extended-errors=no + extended-resolution-errors=no """ _roothints = None