dns-dir-review-rpz #31

Merged
merged 1 commit into from Jun 28, 2023
40 changes: 20 additions & 20 deletions draft-ietf-dnsop-structured-dns-error.md
Expand Up @@ -394,26 +394,6 @@ field:
no such distinction made for DoH.


# Interoperation with RPZ Servers

This section discusses operation with an RPZ server {{RPZ}} that
indicates filtering with a NXDOMAIN response with the Recursion
Available bit cleared (RA=0).

When a DNS client supports this specification it includes the
EDE option in its DNS query.

If the server does not support this specification and is performing
RPZ filtering, the server ignores the EDE option in the DNS query and
replies with NXDOMAIN and RA=0. The DNS client can continue to accept
such responses.

If the server does support this specification and is performing RPZ
filtering, the server can use the EDE option in the query to identify
an EDE-aware client and respond appropriately (that is, by generating
a response described in {#server-response}) as NXDOMAIN and RA=0
are not necessary when generating a response to such a client.

# New Sub-Error Codes Definition

The document defines the following new IANA-registered Sub-Error codes.
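
Review bot: with the RPZ section removed from the body at -394, nothing in these lines tells a reader of the main text that guidance on RPZ servers still exists elsewhere in the document. The removed paragraphs are the ones stating that a client "can continue to accept" NXDOMAIN with RA=0 from a server that ignores the EDE option, so consider leaving a one-sentence pointer to the relocated section in the body so that client implementers do not miss it.
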
Expand Down Expand Up @@ -649,6 +629,26 @@ registry {{IANA-DNS}}:

--- back

# Interoperation with RPZ Servers

This appendix discusses operation with an Response Policy Zones (RPZ) server {{RPZ}} that
indicates filtering with a NXDOMAIN response with the Recursion
Available bit cleared (RA=0).

When a DNS client supports this specification, it includes the
EDE option in its DNS query.

If the server does not support this specification and is performing
RPZ filtering, the server ignores the EDE option in the DNS query and
replies with NXDOMAIN and RA=0. The DNS client can continue to accept
such responses.

If the server does support this specification and is performing RPZ
filtering, the server can use the EDE option in the query to identify
an EDE-aware client and respond appropriately (that is, by generating
a response described in {#server-response}) as NXDOMAIN and RA=0
are not necessary when generating a response to such a client.

# Acknowledgements
{:numbered="false"}
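
Review bot: the cross-reference `{#server-response}` in the last added paragraph uses a different form from the other references visible here (`{{RPZ}}` in the first added sentence, `{{IANA-DNS}}` in the hunk header context), so it will probably not resolve as a section reference; `{{server-response}}` looks like the intended form. In the first added sentence, "an Response Policy Zones (RPZ) server" should read "a Response Policy Zones (RPZ) server", and "a NXDOMAIN response" reads better as "an NXDOMAIN response".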
