Extended DNS Errors proposal

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Mar 18 13:11:48 UTC 2019

On Mon, Mar 18, 2019 at 12:47:36PM +0000,
 Nick via Unbound-users <unbound-users at nlnetlabs.nl> wrote 
 a message of 33 lines which said:

> For some client requests we would like to insist on DNSSEC, and
> others I would like to understand if DNSSEC failed, but still retain
> the option to get a result from the DNS lookup.

Clearly, DNS Extended Error is exactly what you want. Your use-case is
quite common. But DNS Extended Error is not yet a RFC and not yet
implemented (see my message about the IETF hackathon).

If you control the client application, getdns <https://getdnsapi.net/> may
interests you.

More information about the Unbound-users mailing list