Add caching EDEs

daemon/worker.c

@@ -488,7 +488,7 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo,
 			 * and implement in here instead of the hardcoded EDE */
 			if (worker->env.cfg->ede) {
 				EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
-					worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+					worker->scratchpad, msg->rep->reason_bogus, "");
 			}
 			error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, 
 				&msg->qinfo, id, flags, edns);
@@ -664,7 +664,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
 		 * and implement in here instead of the hardcoded EDE */
 		if (worker->env.cfg->ede) {
 			EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out,
-				worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, "");
+				worker->scratchpad, rep->reason_bogus, "");
 		}
 		error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL,
 			qinfo, id, flags, edns);

dns64/dns64.c

@@ -841,7 +841,7 @@ dns64_adjust_a(int id, struct module_qstate* super, struct module_qstate* qstate
 	cp = construct_reply_info_base(super->region, rep->flags, rep->qdcount,
 		rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl,
 		rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets,
-		rep->rrset_count, rep->security);
+		rep->rrset_count, rep->security, LDNS_EDE_NONE);
 	if(!cp)
 		return;
 

services/cache/dns.c

@@ -1064,7 +1064,6 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf,
 	/* ttl must be relative ;i.e. 0..86400 not  time(0)+86400.
 	 * the env->now is added to message and RRsets in this routine. */
 	/* the leeway is used to invalidate other rrsets earlier */
-
 	if(is_referral) {
 		/* store rrsets */
 		struct rrset_ref ref;

services/rpz.c

@@ -1709,7 +1709,8 @@ rpz_synthesize_nodata(struct rpz* ATTR_UNUSED(r), struct module_qstate* ms,
 					     0, /* ns */
 					     0, /* ar */
 					     0, /* total */
-					     sec_status_insecure);
+					     sec_status_insecure,
+					     LDNS_EDE_NONE);
 	if(msg->rep)
 		msg->rep->authoritative = 1;
 	if(!rpz_add_soa(msg->rep, ms, az))
@@ -1738,7 +1739,8 @@ rpz_synthesize_nxdomain(struct rpz* r, struct module_qstate* ms,
 					     0, /* ns */
 					     0, /* ar */
 					     0, /* total */
-					     sec_status_insecure);
+					     sec_status_insecure,
+					     LDNS_EDE_NONE);
 	if(msg->rep)
 		msg->rep->authoritative = 1;
 	if(!rpz_add_soa(msg->rep, ms, az))
@@ -1768,7 +1770,8 @@ rpz_synthesize_localdata_from_rrset(struct rpz* ATTR_UNUSED(r), struct module_qs
                                                    0, /* ns */
                                                    0, /* ar */
                                                    1, /* total */
-                                                   sec_status_insecure);
+                                                   sec_status_insecure,
+                                                   LDNS_EDE_NONE);
 	if(new_reply_info == NULL) {
 		log_err("out of memory");
 		return NULL;

util/data/msgreply.c

@@ -94,7 +94,7 @@ parse_create_qinfo(sldns_buffer* pkt, struct msg_parse* msg,
 struct reply_info*
 construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
 	time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns,
-	size_t ar, size_t total, enum sec_status sec)
+	size_t ar, size_t total, enum sec_status sec, sldns_ede_code reason_bogus)
 {
 	struct reply_info* rep;
 	/* rrset_count-1 because the first ref is part of the struct. */
@@ -117,7 +117,12 @@ construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
 	rep->ar_numrrsets = ar;
 	rep->rrset_count = total;
 	rep->security = sec;
+	/* veryify that we set the EDE to none by setting it explicitly */
+	if (reason_bogus != LDNS_EDE_NONE) {
+		rep->reason_bogus = reason_bogus;
+	} else {
 		rep->reason_bogus = LDNS_EDE_NONE;
+	}
 	rep->authoritative = 0;
 	/* array starts after the refs */
 	if(region)
@@ -137,7 +142,7 @@ parse_create_repinfo(struct msg_parse* msg, struct reply_info** rep,
 {
 	*rep = construct_reply_info_base(region, msg->flags, msg->qdcount, 0, 
 		0, 0, msg->an_rrsets, msg->ns_rrsets, msg->ar_rrsets, 
-		msg->rrset_count, sec_status_unchecked);
+		msg->rrset_count, sec_status_unchecked, LDNS_EDE_NONE);
 	if(!*rep)
 		return 0;
 	return 1;
@@ -182,7 +187,7 @@ make_new_reply_info(const struct reply_info* rep, struct regional* region,
 	new_rep = construct_reply_info_base(region, rep->flags,
 		rep->qdcount, rep->ttl, rep->prefetch_ttl,
 		rep->serve_expired_ttl, an_numrrsets, 0, 0, an_numrrsets,
-		sec_status_insecure);
+		sec_status_insecure, LDNS_EDE_NONE);
 	if(!new_rep)
 		return NULL;
 	if(!reply_info_alloc_rrset_keys(new_rep, NULL, region))
@@ -745,7 +750,7 @@ reply_info_copy(struct reply_info* rep, struct alloc_cache* alloc,
 	cp = construct_reply_info_base(region, rep->flags, rep->qdcount, 
 		rep->ttl, rep->prefetch_ttl, rep->serve_expired_ttl, 
 		rep->an_numrrsets, rep->ns_numrrsets, rep->ar_numrrsets,
-		rep->rrset_count, rep->security);
+		rep->rrset_count, rep->security, rep->reason_bogus);
 	if(!cp)
 		return NULL;
 	/* allocate ub_key structures special or not */

util/data/msgreply.h

@@ -240,13 +240,15 @@ struct msgreply_entry {
  * @param ar: ar count
  * @param total: total rrset count (presumably an+ns+ar).
  * @param sec: security status of the reply info.
+ * @param: reason_bogus: the Extended DNS Error for DNSSEC bogus status
  * @return the reply_info base struct with the array for putting the rrsets
  * in.  The array has been zeroed.  Returns NULL on malloc failure.
  */
 struct reply_info*
 construct_reply_info_base(struct regional* region, uint16_t flags, size_t qd,
 		time_t ttl, time_t prettl, time_t expttl, size_t an, size_t ns,
-		size_t ar, size_t total, enum sec_status sec);
+		size_t ar, size_t total, enum sec_status sec,
+                sldns_ede_code reason_bogus);
 
 /** 
  * Parse wire query into a queryinfo structure, return 0 on parse error.