Return EDE_DNSSEC_BOGUS when returning bogus answers
authorTom Carpay <tom@nlnetlabs.nl>
Mon, 16 Aug 2021 12:46:24 +0000 (12:46 +0000)
committerTom Carpay <tom@nlnetlabs.nl>
Mon, 16 Aug 2021 12:46:24 +0000 (12:46 +0000)
daemon/worker.c
services/mesh.c

index 5c324c0cefea77b39da5e2b87e3b7eab9adc623c..53f1e13734df15a74feee08a07de1b8f4a81231a 100644 (file)
@@ -485,6 +485,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
                                msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
                                worker->env.now_tv))
                                        return 0;
+                       EDNS_OPT_APPEND_EDE(edns, worker->scratchpad,
+                               LDNS_EDE_DNSSEC_BOGUS, "");
                        error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, 
                                &msg->qinfo, id, flags, edns);
                        if(worker->stats.extended) {
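Review bot: The two added lines carry no comment, while the matching addition in services/mesh.c explains why the option is attached; add `/* Tag the SERVFAIL with EDE DNSSEC Bogus (RFC 8914) so clients can tell a validation failure from other failures */` above the EDNS_OPT_APPEND_EDE call here and in the answer_from_cache hunk below. Both appends are unconditional, whereas the mesh.c hunk additionally checks need_to_validate and the CD flag; the enclosing `if` of both branches starts outside the hunk, so if it is not already restricted to a bogus security status, a SERVFAIL on this path would be mislabeled as DNSSEC bogus. The empty extra-text string is permitted by RFC 8914, so that part is fine.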
@@ -659,6 +661,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
                        LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad,
                        worker->env.now_tv))
                        goto bail_out;
+               EDNS_OPT_APPEND_EDE(edns, worker->scratchpad,
+                       LDNS_EDE_DNSSEC_BOGUS, "");
                error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
                        qinfo, id, flags, edns);
                rrset_array_unlock_touch(worker->env.rrset_cache,
@@ -1414,19 +1418,13 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
                        LDNS_EDE_NOT_AUTHORITATIVE, "Not Authoritative");
 
 
-
-
                error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo,
                        *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
-                       sldns_buffer_read_u16_at(c->buffer, 2), NULL);
+                       sldns_buffer_read_u16_at(c->buffer, 2), &edns);
                regional_free_all(worker->scratchpad);
                log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
                        &repinfo->addr, repinfo->addrlen);
 
-               if(sldns_buffer_capacity(c->buffer) >=
-                  sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns))
-                       attach_edns_record(c->buffer, &edns);
-
                goto send_reply;
        }
 
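Review bot: Passing `&edns` to error_encode takes over the explicit size check that the commit removes (`sldns_buffer_capacity(c->buffer) >= sldns_buffer_limit(c->buffer)+calc_edns_field_size(&edns)` before attach_edns_record); error_encode lives outside this hunk, so confirm it performs an equivalent bound before attaching the OPT record, otherwise the REFUSED reply carrying the Not Authoritative EDE could exceed the buffer limit. A one-line comment such as `/* error_encode attaches edns (with the EDE) itself, bounded by its own size check */` would make the reliance explicit. The whitespace-only removals are fine. worker_handle_request begins and continues outside the hunk.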
index 7931a072f4184e616c44ede752424df58714dc4d..7252413be294c6d6e73398f10a4b5556e261f857 100644 (file)
@@ -1271,6 +1271,16 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
                                &r->edns, &r->query_reply, m->s.region, &r->start_time))
                                        r->edns.opt_list = NULL;
                }
+               /* Send along EDE BOGUS EDNS0 option when answer is bogus */
+               if(rcode == LDNS_RCODE_SERVFAIL &&
+                       m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||
+                       m->s.env->cfg->ignore_cd) && rep &&
+                       (rep->security <= sec_status_bogus ||
+                       rep->security == sec_status_secure_sentinel_fail)) {
+
+                       EDNS_OPT_APPEND_EDE(&r->edns, m->s.region,
+                                       LDNS_EDE_DNSSEC_BOGUS, "");
+               }
                error_encode(r_buffer, rcode, &m->s.qinfo, r->qid,
                        r->qflags, &r->edns);
                m->reply_list = NULL;
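Review bot: The new condition uses `rep->security <= sec_status_bogus`, which also matches every status that sorts before bogus in the enum (sec_status_unchecked, if it comes first); a SERVFAIL whose reply never reached the validator would then be tagged EDE 6 (DNSSEC Bogus), pointing operators at DNSSEC for a failure that is not one. If only genuinely bogus replies are meant, write `rep->security == sec_status_bogus || rep->security == sec_status_secure_sentinel_fail`; if unchecked is included on purpose, state that in the comment above the `if`. The blank line directly after the opening brace is a style nit worth dropping. mesh_send_reply begins outside the hunk.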