Add doc to EDE constants from RFC8914

dnsjava · ibauersachs · Jan 23, 2022 · Aug 15, 2021 · Aug 15, 2021 · Aug 21, 2021
commit 705bd9d7130771b354be0e577b75579391c5f3b9
diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java
@@ -11,30 +11,143 @@
  * @since 3.4
  */
 public class ExtendedErrorCodeOption extends EDNSOption {
+
+  /** The error in question falls into a category that does not match known extended error codes. */
   public static final int OTHER = 0;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DNSKEYRecord} {@link RRset}
+   * contained only unsupported DNSSEC algorithms.
+   */
   public static final int UNSUPPORTED_DNSKEY_ALGORITHM = 1;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but a {@link DSRecord} {@link RRset}
+   * contained only unsupported Digest Types.
+   */
   public static final int UNSUPPORTED_DS_DIGEST_TYPE = 2;
+
+  /**
+   * The resolver was unable to resolve the answer within its time limits and decided to answer with
+   * previously cached data instead of answering with an error.
+   */
   public static final int STALE_ANSWER = 3;
+
+  /**
+   * For policy reasons (legal obligation or malware filtering, for instance), an answer was forged.
+   */
   public static final int FORGED_ANSWER = 4;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Indeterminate
+   * state [RFC4035].
+   */
   public static final int DNSSEC_INDETERMINATE = 5;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but validation ended in the Bogus state.
+   */
   public static final int DNSSEC_BOGUS = 6;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * some (often all) are expired.
+   */
   public static final int SIGNATURE_EXPIRED = 7;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and
+   * at least some are not yet valid.
+   */
   public static final int SIGNATURE_NOT_YET_VALID = 8;
+
+  /**
+   * A {@link DSRecord} existed at a parent, but no supported matching {@link DNSKEYRecord} could be
+   * found for the child.
+   */
   public static final int DNSKEY_MISSING = 9;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no {@link RRSIGRecord}s could be found
+   * for at least one {@link RRset} where {@link RRSIGRecord}s were expected.
+   */
   public static final int RRSIGS_MISSING = 10;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but no Zone Key Bit was set in a DNSKEY.
+   */
   public static final int NO_ZONE_KEY_BIT_SET = 11;
+
+  /**
+   * The resolver attempted to perform DNSSEC validation, but the requested data was missing and a
+   * covering {@link NSECRecord} or {@link NSEC3Record} was not provided
+   */
   public static final int NSEC_MISSING = 12;
+
+  /** The resolver is returning the {@link Rcode#SERVFAIL} from its cache. */
   public static final int CACHED_ERROR = 13;
+
+  /**
+   * The server is unable to answer the query, as it was not fully functional when the query was
+   * received.
+   */
   public static final int NOT_READY = 14;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * internal security policy imposed by the operator of the server resolving or forwarding the
+   * query.
+   */
   public static final int BLOCKED = 15;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist due to an
+   * external requirement imposed by an entity other than the operator of the server resolving or
+   * forwarding the query.
+   */
   public static final int CENSORED = 16;
+
+  /**
+   * The server is unable to respond to the request because the domain is on a blocklist as
+   * requested by the client.
+   */
   public static final int FILTERED = 17;
+
+  /**
+   * An authoritative server or recursive resolver that receives a query from an "unauthorized"
+   * client can annotate its {@link Rcode#REFUSED} message with this code.
+   */
   public static final int PROHIBITED = 18;
+
+  /**
+   * The resolver was unable to resolve an answer within its configured time limits and decided to
+   * answer with a previously cached {@link Rcode#NXDOMAIN} answer instead of answering with an
+   * error.
+   */
   public static final int STALE_NXDOMAIN_ANSWER = 19;
+
+  /**
+   * Response to a query with the Recursion Desired (RD) bit clear, or when the server is not
+   * configured for recursion (and the query is for a domain for which it is not authoritative).
+   */
   public static final int NOT_AUTHORITATIVE = 20;
+
+  /** The requested operation or query is not supported. */
   public static final int NOT_SUPPORTED = 21;
+
+  /**
+   * The resolver could not reach any of the authoritative name servers (or they potentially refused
+   * to reply).
+   */
   public static final int NO_REACHABLE_AUTHORITY = 22;
+
+  /** An unrecoverable error occurred while communicating with another server. */
   public static final int NETWORK_ERROR = 23;
+
+  /**
+   * The authoritative server cannot answer with data for a zone it is otherwise configured to
+   * support.
+   */
   public static final int INVALID_DATA = 24;
 
   @Getter private int errorCode;