Adding Extra Text to EDNS EDE Responses in BIND 9.19.24
Mark Andrews
marka at isc.org
Mon Aug 12 23:38:32 UTC 2024
There is no code written to add reasons for rpz blocks. Feel free to add an issue
via https://gitlab.isc.org/.
> On 13 Aug 2024, at 00:06, Robert Paolucci via bind-users <bind-users at lists.isc.org> wrote:
>
> Hello All,
> I’m currently working with BIND 9.19.24 and have successfully implemented EDNS EDE (Extended DNS Error) with the following configuration:
>
> response-policy {
>     zone "rpz.example.com" ede blocked;
> } add-soa false;
>
> This correctly returns the OPT code 15 for a blocked response:
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; OPT=15: 00 0f ("..")
>
> I would like to add some additional text to the EDE response, such as a reason for the block (e.g., "Blocked because – REASON").
> According to RFC 5198, it should be possible to use an extra-text field:
> EXTRA-TEXT:
> A variable-length, UTF-8-encoded [RFC5198] text field that may hold additional textual information. This information is intended for human consumption (not automated parsing). The EDE text may be null terminated but MUST NOT be assumed to be; the length MUST be derived from the OPTION-LENGTH field. The EXTRA-TEXT field may be zero octets in length, indicating that there is no EXTRA-TEXT included. Care should be taken not to include private information in the EXTRA-TEXT field that an observer would not otherwise have access to, such as account numbers.
> However, I haven’t been able to find an option for extra-text in the BIND configuration. Is this feature not supported yet, or is there a different approach I should be using?
> Thanks for your help!
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
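
To check what a resolver actually puts in the option, the following added example (not from this thread and not BIND code) decodes EDE options from raw OPT RDATA using the INFO-CODE / EXTRA-TEXT layout quoted above. The names `parse_ede` and `build_ede` and the sample bytes are constructed for illustration; the INFO-CODE names are the RFC 8914 registry values.

```python
import struct

EDE_OPTION_CODE = 15  # EDNS option code for Extended DNS Error
# Subset of INFO-CODE names from RFC 8914 relevant to policy blocking.
INFO_CODES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}


def parse_ede(opt_rdata: bytes):
    """Return a list of (info_code, name, extra_text) for each EDE option."""
    results, pos = [], 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        data = opt_rdata[pos:pos + length]
        if len(data) != length:
            raise ValueError("OPTION-LENGTH runs past end of RDATA")
        pos += length
        if code != EDE_OPTION_CODE:
            continue  # some other EDNS option (cookie, padding, ...)
        if length < 2:
            raise ValueError("EDE option shorter than INFO-CODE")
        (info_code,) = struct.unpack_from("!H", data)
        raw = data[2:]
        # Length comes from OPTION-LENGTH; a trailing NUL is optional.
        if raw.endswith(b"\x00"):
            raw = raw[:-1]
        # Text is for humans only: replace bad UTF-8 and mask control
        # characters so it cannot inject terminal escapes into logs.
        text = raw.decode("utf-8", errors="replace")
        text = "".join(ch if ch.isprintable() else "?" for ch in text)
        results.append((info_code, INFO_CODES.get(info_code, "unknown"), text))
    return results


def build_ede(info_code: int, extra_text: str = "") -> bytes:
    """Encode one EDE option (used here only to construct sample input)."""
    body = struct.pack("!H", info_code) + extra_text.encode("utf-8")
    return struct.pack("!HH", EDE_OPTION_CODE, len(body)) + body


# The option from the dig output above: code 15, length 2, data 00 0f.
AS_SEEN = bytes.fromhex("000f0002000f")
# Constructed sample: same INFO-CODE with EXTRA-TEXT and a trailing NUL.
WITH_TEXT = build_ede(15, "Blocked because - REASON\x00")

if __name__ == "__main__":
    print(parse_ede(AS_SEEN))
    print(parse_ede(WITH_TEXT))
```

The two bytes `00 0f` in the dig output are the INFO-CODE alone, so the decoded EXTRA-TEXT for the response in this thread is the empty string.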