On Oct 16, 2025, at 12:50, Petr Špaček <[email protected]> wrote:
> 
> Hello dnsop.
> 
> Do you think Extended DNS Error Code 24 - Invalid Data assigned in 
> https://www.rfc-editor.org/rfc/rfc8914.html#section-4.25
> should be used when reporting a situation where the *resolver* refused data from 
> auth and generated SERVFAIL because of that?

No, definitely not. The RFC defines 24 as:

The authoritative server cannot answer with data for a zone it is otherwise 
configured to support. Examples of this include its most recent zone being too 
old or having expired.

EDE is supposed to come from an authoritative server with a problem, not a 
resolver with a problem.

> In our case auth is sending nonsense SOA in negative response and BIND drops 
> that response on the floor. After trying all auths (or reaching query limit) 
> the resolver will generate SERVFAIL.
> 
> The question is - should we use EDE 24 Invalid Data with a suitable 
> EXTRA-TEXT?
> 
> Or assign a new code for "resolver did not like what it got"?

That seems best. Maybe be specific:

TBD1 - The resolver got a response with RCODE of NOERROR and records in the 
Answer section, and records of the correct RRtype, but the data in the records 
section was malformed.

And, while you are at it:

TBD2 - The resolver got a response with malformed data in the response 
header.

TBD3 - The resolver got a response with RCODE of NOERROR and records in the 
Answer section, but no records of acceptable RRtypes.

--Paul Hoffman
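
Added example, not part of the original message or of BIND: how an EDE option with an INFO-CODE and EXTRA-TEXT, as discussed in this thread, is laid out in an OPT record's RDATA per RFC 8914, with the bounds checks a receiver needs. The helper names and the sample bytes are constructed for illustration.

```python
import struct

EDE_OPTION_CODE = 15     # EDNS0 option code for Extended DNS Error (RFC 8914)
EDE_INVALID_DATA = 24    # the INFO-CODE discussed in this thread


def build_ede(info_code, extra_text=""):
    """Encode one EDE option: OPTION-CODE, OPTION-LENGTH, INFO-CODE, EXTRA-TEXT."""
    text = extra_text.encode("utf-8")
    return struct.pack("!HHH", EDE_OPTION_CODE, 2 + len(text), info_code) + text


def parse_ede(opt_rdata):
    """Walk the options in OPT RDATA; return a list of (INFO-CODE, EXTRA-TEXT)."""
    found, pos = [], 0
    while pos < len(opt_rdata):
        if pos + 4 > len(opt_rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, pos)
        pos += 4
        body = opt_rdata[pos:pos + length]
        if len(body) != length:
            raise ValueError("option length runs past end of RDATA")
        pos += length
        if code != EDE_OPTION_CODE:
            continue  # some other EDNS option, skip it
        if length < 2:
            raise ValueError("EDE option too short to hold INFO-CODE")
        (info_code,) = struct.unpack_from("!H", body)
        # EXTRA-TEXT is UTF-8 and may be empty; it may be null-terminated,
        # so the length comes from OPTION-LENGTH and trailing NULs are dropped.
        text = body[2:].rstrip(b"\x00").decode("utf-8", errors="replace")
        found.append((info_code, text))
    return found


# Constructed sample RDATA: an unrelated 8-byte option (code 10), then an EDE.
OTHER_OPTION = struct.pack("!HH", 10, 8) + bytes(8)
SAMPLE_RDATA = OTHER_OPTION + build_ede(
    EDE_INVALID_DATA, "malformed SOA in negative response")

if __name__ == "__main__":
    for info_code, text in parse_ede(SAMPLE_RDATA):
        print(info_code, repr(text))
```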
