From 23601205627b5338c60e792ab00d0e01e73ac261 Mon Sep 17 00:00:00 2001
From: TCY16
Date: Mon, 13 Sep 2021 13:25:17 +0200
Subject: [PATCH] add mesh bogus test, possible locations for more EDE and remove superfluous todo comments
---
 services/localzone.c | 2 --
 services/mesh.c | 1 +
 services/rpz.c | 2 --
 testdata/ede.tdir/ede.test | 9 +++++++++
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/services/localzone.c b/services/localzone.c
index 7e9df6d10..ce1d654fc 100644
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -1274,7 +1274,6 @@ local_encode(struct query_info* qinfo, struct module_env* env,
 repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
- /* @TODO: Do we need EDE here? Which one? */
 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns);
@@ -1316,7 +1315,6 @@ local_encode_ede(struct query_info* qinfo, struct module_env* env,
 if(!reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
- /* @TODO: Do we need EDE here? Which one? */
 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns);
diff --git a/services/mesh.c b/services/mesh.c
index b6fba07e6..991dcce7d 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -1311,6 +1311,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL;
+ // @TODO EDE?
 error_encode(r_buffer, LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid, r->qflags, &r->edns); }
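Review bot: The added `// @TODO EDE?` in front of `error_encode(r_buffer, LDNS_RCODE_SERVFAIL, ...)` names neither the extended error code nor the condition under which it should be sent, so it gives the next reader nothing to act on. The statement just above it sets `r->edns.opt_list = NULL` when the servfail callback fails, so an EDE option would presumably have to be attached after that reset to reach the client; that ordering constraint is worth recording here. Suggested wording: `/* @TODO: attach an EDE option to this SERVFAIL, after the opt_list reset above; the code depends on why the reply failed */`. The body of mesh_send_reply starts and ends outside the hunk.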
diff --git a/services/rpz.c b/services/rpz.c
index f7ed0cfc0..3a1ec00d7 100644
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1050,8 +1050,6 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
 return !qinfo->local_alias; }
- // @TODO: Find out if it's local answer or blocked; if blocked then EDE: blocked
- // -> we do that in this function
 ret = local_zones_zone_answer(z, env, qinfo, edns, repinfo, buf, temp, 0 /* no local data used */, lzt); if(r->log)
diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test
index c81d7f89f..aeec9b20a 100644
--- a/testdata/ede.tdir/ede.test
+++ b/testdata/ede.tdir/ede.test
@@ -80,8 +80,17 @@ then
 exit 1 fi
+# @TODO what does this trigger? dig @localhost hopsa.kidee. A
+# @TODO trigger mesh DNSSEC bogus
+dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt
+
+if ! grep -q "OPT=15: 00 06" servfail.txt
+then
+ echo "query to servfail.nl should return EDE DNSSEC bogus"
+ exit 1
+fi
 # teardown kill_pid $UNBOUND_PID
\ No newline at end of file
--
2.47.2
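Review bot: The new check `grep -q "OPT=15: 00 06" servfail.txt` matches only one rendering of the option; dig builds that decode EDNS option 15 print it differently (something like `EDE: 6 (DNSSEC Bogus)`, to be confirmed against the dig versions used in CI), so the test can fail while the server answers correctly. The query for `servfail.nl` also appears to rely on a live, deliberately mis-signed external zone, unless the test configuration serves it locally, which this hunk does not show. Consider accepting both renderings with `grep -qE "OPT=15: 00 06|EDE: 6 " servfail.txt`, and running `kill_pid $UNBOUND_PID` ahead of the added `exit 1` so a failed run does not leave the unbound process behind.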