1 files changed, 17 insertions, 0 deletions

diff --git a/lib/resolve.c b/lib/resolve.c
index 4730f105..bc00471b 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -738,6 +738,17 @@ int kr_resolve_consume(struct kr_request *request, struct kr_transport **transpo
 					qry->flags.NO_NS_FOUND = true;
 					return KR_STATE_PRODUCE;
 				}
+
+				/* Construct EDE message.  We need it on mempool. */
+				char cut_buf[KR_DNAME_STR_MAXLEN];
+				char *msg = knot_dname_to_str(cut_buf, qry->zone_cut.name, sizeof(cut_buf));
+				if (!kr_fails_assert(msg)) {
+					if (*qry->zone_cut.name != '\0') /* Strip trailing dot. */
+						cut_buf[strlen(cut_buf) - 1] = '\0';
+					msg = kr_strcatdup_pool(&request->pool, 2,
+							"OLX2: delegation ", cut_buf);
+				}
+				kr_request_set_extended_error(request, KNOT_EDNS_EDE_NREACH_AUTH, msg);
 				return KR_STATE_FAIL;
 			}
 		} else {
@@ -972,12 +983,15 @@ knot_mm_t *kr_resolve_pool(struct kr_request *request)
 static int ede_priority(int info_code)
 {
 	switch(info_code) {
+	case KNOT_EDNS_EDE_TOO_EARLY:
+		return 910;
 	case KNOT_EDNS_EDE_DNSKEY_BIT:
 	case KNOT_EDNS_EDE_DNSKEY_MISS:
 	case KNOT_EDNS_EDE_SIG_EXPIRED:
 	case KNOT_EDNS_EDE_SIG_NOTYET:
 	case KNOT_EDNS_EDE_RRSIG_MISS:
 	case KNOT_EDNS_EDE_NSEC_MISS:
+	case KNOT_EDNS_EDE_EXPIRED_INV:
 		return 900;  /* Specific DNSSEC failures */
 	case KNOT_EDNS_EDE_BOGUS:
 		return 800;  /* Generic DNSSEC failure */
@@ -990,6 +1004,7 @@ static int ede_priority(int info_code)
 		return 600;  /* Policy related */
 	case KNOT_EDNS_EDE_DNSKEY_ALG:
 	case KNOT_EDNS_EDE_DS_DIGEST:
+	case KNOT_EDNS_EDE_NSEC3_ITERS:
 		return 500;  /* Non-critical DNSSEC issues */
 	case KNOT_EDNS_EDE_STALE:
 	case KNOT_EDNS_EDE_STALE_NXD:
@@ -1002,10 +1017,12 @@ static int ede_priority(int info_code)
 	case KNOT_EDNS_EDE_NREACH_AUTH:
 	case KNOT_EDNS_EDE_NETWORK:
 	case KNOT_EDNS_EDE_INV_DATA:
+	case KNOT_EDNS_EDE_SYNTHESIZED:
 		return 200;  /* Assorted codes */
 	case KNOT_EDNS_EDE_OTHER:
 		return 100;  /* Most generic catch-all error */
 	case KNOT_EDNS_EDE_NONE:
+	case KNOT_EDNS_EDE_NONCONF_POLICY:  /* Defined by an expired Internet Draft */
 		return 0;  /* No error - allow overriding */
 	default:
 		kr_assert(false);  /* Unknown info_code */