plugin/acl : add support for Extended DNS Errors

Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>

plugin/acl : add support for Extended DNS Errors
Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
c136f392 · Ondřej Benkovský · edbe02c0 · c136f392 · c136f392
Commit c136f392 authored Jul 23, 2022 by Ondřej Benkovský
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 243 additions and 231 deletions

plugin/acl/acl.go plugin/acl/acl.go +6 -0

plugin/acl/acl_test.go plugin/acl/acl_test.go +237 -231

No files found.
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -71,6 +71,9 @@ RulesCheckLoop:
 			{
 				m := new(dns.Msg)
 				m.SetRcode(r, dns.RcodeRefused)
+				m = m.SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeBlocked}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestBlockCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil
@@ -83,6 +86,9 @@ RulesCheckLoop:
 			{
 				m := new(dns.Msg)
 				m.SetRcode(r, dns.RcodeSuccess)
+				m = m.SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeFiltered}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestFilterCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil

--- a/plugin/acl/acl_test.go
+++ b/plugin/acl/acl_test.go