- Added a recursive resolver handler, so we can filter authority & additional - Censor authority/additional when NS and zone are not sinkholed to prevent outside NS leakage
Providing authority/additional records from the internet for whitelisted zones just leads to problems where we have to censor/replace those records. Leaving those records out entirely solves that issue.
…nsor_authority - Fix trie partial-key matching by making trie do exact mode - Noticed an AUTH/ADD NS leak for whitelisted one-off records - will need to fix in reply_handler, since censor_authority has no idea. - Re-do record lookup when in learning mode to get the "correct" answer instead of letting the wrong one fall through to the client
- Added IGNORE RCODE so we can tell when a programmable resolver says "skip me" - Added example NS/A records for "us" - the authorative NS for sinkholed domains -