Closed wjgauthier closed 3 days ago
I see we already have an accessor for the DNSSEC OK bit (dnsdist_ffi_dnsquestion_get_do
) and for EDNS options (dnsdist_ffi_dnsquestion_get_edns_options
). There is no other flag defined as far as I know, so I guess we only need new accessors for the version and the extended rcode, or did you have something else in mind?
You are right. We would only need accessors for the version and the extended rcode. Thank you!
Short description
I am using Lua FFI to spoof responses, but I cannot currently handle cases where a client requests an unknown EDNS version (two of the ISC EDNS Compliance checks) because there is no function available to retrieve the OPT section.
Usecase
In my Lua script for spoofing responses, I would like to return BADVERS if the client requests anything other than EDNS version 0, which is the correct way of handling unknown EDNS versions (https://ednscomp.isc.org/).
Description
Implementing an
ffi.C.dnsdist_ffi_dnsquestion_get_opt_section
function that returns the requested EDNS version (along with other options) would allow me to handle unknown EDNS versions correctly.