plugin/acl : add support for Extended DNS Errors (#5532)

* plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com> * fixup! plugin/acl : add support for Extended DNS Errors Signed-off-by: Ondřej Benkovský <ondrej.benkovsky@jamf.com>
2025-12-15 06:45:11 -05:00 · 2022-07-25 16:44:13 +02:00
parent 50beb677ad
commit 2fe5273cd1
2 changed files with 247 additions and 235 deletions
--- a/plugin/acl/acl.go
+++ b/plugin/acl/acl.go
@@ -69,8 +69,11 @@ RulesCheckLoop:
 		switch action {
 		case actionBlock:
 			{
-				m := new(dns.Msg)
-				m.SetRcode(r, dns.RcodeRefused)
+				m := new(dns.Msg).
+					SetRcode(r, dns.RcodeRefused).
+					SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeBlocked}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestBlockCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil
@@ -81,8 +84,11 @@ RulesCheckLoop:
 			}
 		case actionFilter:
 			{
-				m := new(dns.Msg)
-				m.SetRcode(r, dns.RcodeSuccess)
+				m := new(dns.Msg).
+					SetRcode(r, dns.RcodeSuccess).
+					SetEdns0(4096, true)
+				ede := dns.EDNS0_EDE{InfoCode: dns.ExtendedErrorCodeFiltered}
+				m.IsEdns0().Option = append(m.IsEdns0().Option, &ede)
 				w.WriteMsg(m)
 				RequestFilterCount.WithLabelValues(metrics.WithServer(ctx), zone).Inc()
 				return dns.RcodeSuccess, nil