Skip to content

DNS Error Reporting (RFC 9567)#902

Merged
gthess merged 25 commits intomasterfrom
features/error-reporting-poc
Apr 7, 2025
Merged

DNS Error Reporting (RFC 9567)#902
gthess merged 25 commits intomasterfrom
features/error-reporting-poc

Conversation

@wtoorop
Copy link
Member

@wtoorop wtoorop commented Jun 20, 2023
edited by gthess
Loading

@wtoorop wtoorop changed the title Features/error reporting draft-ietf-dnsop-dns-error-reporting Jun 20, 2023
gthess added 13 commits July 20, 2024 19:40
@gthess
Merge branch 'master' into features/error-reporting-poc
a3f3da4
@gthess
Generated configparser and configlexer are not versioned in master an…
308847a 
…ymore
@gthess
- Remove NOERROR DNS Error Reporting; not part of final RFC.
ea17c0a 
- Use assigned IANA EDNS0 Option Code for Report-Channel.
@gthess
Fix buffer protection and agent domain validity
d509375
@gthess
Use DNS Error Reporting instead of the eder nickname
e9a4f31
@gthess
- Update documentation.
c472337
@gthess
- Fix typo.
d5d7a62
@gthess
- Bail out early if ede is not present.
7d9f2c9
@gthess
- Forget previous EDNS options from upstream; this is what was
56200cd 
  implicitly happening but not deterministacally.
@gthess
- Don't report LDNS_EDE_OTHER and bail early if there is no reporting
bb15329 
  agent.
@gthess
Merge branch 'master' into features/error-reporting-poc
1dc588d
@gthess
- Only do DNS error reporting when a client asked for something that
7de7fd5 
  went wrong.
@gthess
- Add an error reporting agent in the parent that should be ignored.
a79c06e
@gthess gthess marked this pull request as ready for review March 16, 2025 06:06
@gthess gthess requested a review from wcawijngaards March 16, 2025 06:06
@gthess
Copy link
Member

gthess commented Mar 16, 2025

I believe this is now ready for review.
There are no limits for error reporting.
Reports will be generated for client inited queries that gave an error during the mesh state.
This is mostly the validator at the moment. When EDEs for RPZ are introduced (blocked, censored, etc) it needs to be revisited (probably by excluding those codes from the report).
LDNS_EDE_OTHER is excluded from the reports because the code does not make sense by itself.
LDNS_EDE_STALE_ANSWER is not interfering with the report (it is generated when responding with stale data, not the same code path).

@gthess gthess self-assigned this Mar 19, 2025
@gthess gthess added this to the Future release milestone Mar 19, 2025
wcawijngaards
wcawijngaards approved these changes Mar 19, 2025
View reviewed changes
Copy link
Member

@wcawijngaards wcawijngaards left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks fine to include. The option set default off is a safe way to introduce the feature.

@gthess
Copy link
Member

gthess commented Mar 19, 2025

Thanks @wcawijngaards ! And nice catch!

@gthess
Copy link
Member

gthess commented Apr 7, 2025

@wcawijngaards, I merged and added a new stats item for dns_error_reports. Do you want to have a final look for completeness?

@wcawijngaards
Copy link
Member

wcawijngaards commented Apr 7, 2025

The changes look fine! Good to have stats for the new feature.

@gthess gthess modified the milestones: Future release, 1.23.0 Apr 7, 2025
@gthess gthess changed the title draft-ietf-dnsop-dns-error-reporting DNS Error Reporting (RFC 9567) Apr 7, 2025
@gthess gthess merged commit a616437 into master Apr 7, 2025
1 check passed
@gthess gthess deleted the features/error-reporting-poc branch April 7, 2025 08:25
gthess added a commit that referenced this pull request Apr 7, 2025
@gthess
Changelog entry for #902:
db6505e 
- Merge #902: DNS Error Reporting (RFC 9567). Introduces new
  configuration option 'dns-error-reporting' and new statistics for
  'num.dns_error_reports'.
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Apr 24, 2025
@jedisct1
Merge remote-tracking branch 'nlnet/master'
7b6ebf3 
* nlnet/master: (49 commits)
  - Tag for 1.23.0rc2. This became the release of 1.23.0 on 24 April   2025. The code repository continues with 1.23.1 in development.
  - Increase default to `num-queries-per-thread: 2048`, when unbound is   compiled with libevent. It makes saturation of the task queue more   resource intensive and less practical. Thanks to Shiming Liu,   Network and Information Security Lab, Tsinghua University for the   report.
  Changelog entry for NLnetLabs#1265: - Merge NLnetLabs#1265: Fix WSAPoll.
  Fix WSAPoll (NLnetLabs#1265)
  Changelog entry for NLnetLabs#1265: - Merge NLnetLabs#1265: Fix WSAPoll.
  Fix WSAPoll (NLnetLabs#1265)
  - Fix for print of connection type in log-replies for dot and doh.
  - Fix NLnetLabs#1264: unbound 1.22.0 leaks memory when doing DoH.
  - Fix to detect if atomic_store links in configure.
  - Fix fast_reload to print chroot with config file name.
  - Update to the manpage for the fast_reload part.
  - Tag for 1.23.0rc1.
  - More explicit text about memory usage during fast_reload.
  Changelog entry for NLnetLabs#902: - Merge NLnetLabs#902: DNS Error Reporting (RFC 9567). Introduces new   configuration option 'dns-error-reporting' and new statistics for   'num.dns_error_reports'.
  DNS Error Reporting (RFC 9567) (NLnetLabs#902)
  - Fix to update common.sh for speed of kill_pid.
  - Fix test to speed up common.sh script kill_pid.
  Fix typo in Changelog entry.
  Changelog entry for NLnetLabs#1019: - Merge NLnetLabs#1019: Redis read-only replica support.   Introduces new 'redis-replica-*' options for the Redis cache backend.
  - Fix redis_replicat test for unused option defaults and log printout.
  ...
@pgporada pgporada mentioned this pull request Nov 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wcawijngaards wcawijngaards wcawijngaards approved these changes

Assignees

@gthess gthess

Labels

None yet

Projects

None yet

Milestone

1.23.0

Development

Successfully merging this pull request may close these issues.

3 participants

@wtoorop @gthess @wcawijngaards