Skip to content

Expose EDE information via API if available#2135

Merged
DL6ER merged 1 commit into
developmentfrom
new/queries_ede
Dec 22, 2024
Merged

Expose EDE information via API if available#2135
DL6ER merged 1 commit into
developmentfrom
new/queries_ede

Conversation

@DL6ER

@DL6ER DL6ER commented Dec 18, 2024

Copy link
Copy Markdown
Member

What does this implement/fix?

Expose extended DNS error codes (and human-readable textual interpretation if available) via thequeries API. This is especially useful in the vicinity of DNSSEC issues like BOGUS as it can provide further reasoning such as DNSSEC signature expired:

image

2024-12-18_10-57

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

@DL6ER
Expose EDE information via API if available
dd39c5e 
Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER requested a review from a team December 18, 2024 09:59
@DL6ER DL6ER mentioned this pull request Dec 18, 2024
Merged
5 tasks
@PromoFaux

PromoFaux commented Dec 18, 2024

Copy link
Copy Markdown
Member

human-readable textual interpretation

Does this come as part of the upstream query response?

@DL6ER

DL6ER commented Dec 18, 2024

Copy link
Copy Markdown
Member Author

No, there is a hard-coded list of reasons defined inside dnsmasq:

FTL/src/dnsmasq/cache.c

Lines 2175 to 2211 in 91ea8d4

const char *edestr(int ede)
{
switch (ede)
{
case EDE_OTHER: return "other";
case EDE_USUPDNSKEY: return "unsupported DNSKEY algorithm";
case EDE_USUPDS: return "unsupported DS digest";
case EDE_STALE: return "stale answer";
case EDE_FORGED: return "forged";
case EDE_DNSSEC_IND: return "DNSSEC indeterminate";
case EDE_DNSSEC_BOGUS: return "DNSSEC bogus";
case EDE_SIG_EXP: return "DNSSEC signature expired";
case EDE_SIG_NYV: return "DNSSEC sig not yet valid";
case EDE_NO_DNSKEY: return "DNSKEY missing";
case EDE_NO_RRSIG: return "RRSIG missing";
case EDE_NO_ZONEKEY: return "no zone key bit set";
case EDE_NO_NSEC: return "NSEC(3) missing";
case EDE_CACHED_ERR: return "cached error";
case EDE_NOT_READY: return "not ready";
case EDE_BLOCKED: return "blocked";
case EDE_CENSORED: return "censored";
case EDE_FILTERED: return "filtered";
case EDE_PROHIBITED: return "prohibited";
case EDE_STALE_NXD: return "stale NXDOMAIN";
case EDE_NOT_AUTH: return "not authoritative";
case EDE_NOT_SUP: return "not supported";
case EDE_NO_AUTH: return "no reachable authority";
case EDE_NETERR: return "network error";
case EDE_INVALID_DATA: return "invalid data";
case EDE_SIG_E_B_V: return "signature expired before valid";
case EDE_TOO_EARLY: return "too early";
case EDE_UNS_NS3_ITER: return "unsupported NSEC3 iterations value";
case EDE_UNABLE_POLICY: return "uanble to conform to policy";
case EDE_SYNTHESIZED: return "synthesized";
default: return "unknown";
}
}

@PromoFaux

PromoFaux commented Dec 18, 2024

Copy link
Copy Markdown
Member

Ah-hah, cool! I only asked as I couldn't see any added as part of this PR :)

@DL6ER

DL6ER commented Dec 18, 2024

Copy link
Copy Markdown
Member Author

Yeah, this PR basically re-adds what we had before. EDE was already exposed via the Telnet API to the frontend but this seems to have been forgotten in the v6 migration. Not that I'd recall the web interface actually used it, though...

@rdwebdesign

rdwebdesign commented Dec 18, 2024

Copy link
Copy Markdown
Member

Not that I'd recall the web interface actually used it, though...

It was used in queries.js - lines 83, 106 and 234

@DL6ER

DL6ER commented Dec 18, 2024

Copy link
Copy Markdown
Member Author

Ah, okay, but that seems to be numeric only, not a human-friendly text representation

@DL6ER DL6ER merged commit c04fa58 into development Dec 22, 2024
@DL6ER DL6ER deleted the new/queries_ede branch December 22, 2024 07:39
@PromoFaux PromoFaux mentioned this pull request Feb 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yubiuser yubiuser yubiuser approved these changes

Assignees

No one assigned

Labels

DNSSEC Pi-hole v6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@DL6ER @PromoFaux @rdwebdesign @yubiuser