plugin/acl : add support for Extended DNS Errors (#5532)

* plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com> * fixup! plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>

plugin/acl : add support for Extended DNS Errors (#5532)
* plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com> * fixup! plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
2fe5273c · Ondřej Benkovský · GitHub · 50beb677 · 2fe5273c · 2fe5273c
Commit 2fe5273c authored Jul 25, 2022 by Ondřej Benkovský Committed by GitHub Jul 25, 2022
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 247 additions and 235 deletions

plugin/acl/acl.go plugin/acl/acl.go +10 -4

plugin/acl/acl_test.go plugin/acl/acl_test.go +237 -231

No files found.
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -69,8 +69,11 @@ RulesCheckLoop:
 		switch action {
 		case actionBlock:
 			{
-				m := new(dns.Msg)
-				m.SetRcode(r, dns.RcodeRefused)
+				m := new(dns.Msg).
+					SetRcode(r, dns.RcodeRefused).
+					SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeBlocked}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestBlockCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil
@@ -81,8 +84,11 @@ RulesCheckLoop:
 			}
 		case actionFilter:
 			{
-				m := new(dns.Msg)
-				m.SetRcode(r, dns.RcodeSuccess)
+				m := new(dns.Msg).
+					SetRcode(r, dns.RcodeSuccess).
+					SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeFiltered}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestFilterCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil

--- a/plugin/acl/acl_test.go
+++ b/plugin/acl/acl_test.go