Hi, Recently I have been looking for ways to determine/differentiate (from the DNS client) SERVFAIL & SERVFAIL due to DNSSEC errors.
I came across this submission to the ietf: https://datatracker.ietf.org/doc/draft-ietf-dnsop-extended-error/ (https://datatracker.ietf.org/doc/draft-ietf-dnsop-extended-error/) The proposal utilises an EDNS0 option code to request that the DNS server appends an additional record to the response, conveying additional information. This includes the status of DNSSEC. Would anyone happen to know if this proposal is planned to be supported by Unbound in the near future? Regards Nick
