EDNS(0) Support (DNSSEC Prerequisite) #32

@stephbu

Overview

Implement EDNS(0) (Extension Mechanisms for DNS) support as defined in RFC 6891. This is a prerequisite for DNSSEC support (#2) and enables larger UDP payloads and extended flags.

Parent Issue

Background

EDNS(0) extends DNS by adding a pseudo-record (OPT, type 41) to the Additional section. Key capabilities:

  • DO (DNSSEC OK) bit: Signals that the client wants DNSSEC records
  • Larger UDP payloads: Up to 4096 bytes vs. the legacy 512-byte limit
  • Extended RCODE: 12-bit response codes vs. 4-bit legacy
  • Client Subnet: Future support for EDNS Client Subnet (ECS)

Coordination

This work overlaps with #29 (Performance Tuning) since both involve buffer management:

  • Consider Span<T> and Memory<T> for parsing
  • Use ArrayPool<byte> for buffer allocation
  • Coordinate changes to avoid duplicate refactoring

Implementation Tasks

OPT Record Parsing

  • Create OptRData class in Dns/RData.cs
    • UDP payload size (16-bit, replaces CLASS field)
    • Extended RCODE (upper 8 bits)
    • EDNS version (8 bits)
    • Flags (16 bits, including DO bit at position 15)
    • RDATA containing zero or more options
  • Parse OPT record in ResourceList.LoadFrom() when Type == ResourceType.OPT
  • Handle OPT's non-standard field semantics (NAME must be root, CLASS = UDP size)

OPT Record Serialization

  • Implement OptRData.WriteToStream()
  • Add helper to construct OPT record for outgoing queries
  • Set DO bit when requesting DNSSEC records from upstream

DnsMessage Integration

  • Add EdnsOptions property to DnsMessage for convenient access
  • Helper methods: HasEdns(), GetMaxUdpPayload(), IsDnssecOk()
  • When forwarding queries upstream, preserve or add EDNS(0) as configured

Buffer Management

Configuration

  • Add EDNS configuration section to AppConfig.cs:
    "Edns": {
      "Enabled": true,
      "MaxUdpPayloadSize": 4096,
      "RequestDnssec": true
    }

Testing

  • Unit tests for OPT record parsing with various flag combinations
  • Unit tests for OPT record serialization round-trip
  • Integration test: query upstream with DO bit, verify DNSSEC records returned
  • Test backward compatibility: server still handles non-EDNS queries

Technical References

  • RFC 6891 — Extension Mechanisms for DNS (EDNS(0))
  • RFC 3225 — Indicating Resolver Support of DNSSEC (DO bit)

Acceptance Criteria

  • OPT pseudo-record correctly parsed from incoming messages
  • OPT record correctly serialized in outgoing queries
  • DO bit can be set when querying upstream resolvers
  • Configurable UDP payload size respected
  • Non-EDNS queries continue to work (backward compatible)
  • Unit tests pass for parsing/serialization
  • Documentation updated

Related Issues

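The OPT field layout listed under "OPT Record Parsing", as an added C# sketch that is not part of the original issue or the project's code: `OptSketch` and its members are hypothetical names, and the sample bytes are constructed. It assumes C# 9 or later and that the caller passes exactly one resource record's bytes, starting at NAME.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;

// Constructed sample: root NAME, TYPE=41, CLASS=1232, TTL=00 00 80 00 (DO set),
// RDLEN=12, then one 8-byte option with code 10.
byte[] sample =
{
    0x00, 0x00, 0x29, 0x04, 0xD0, 0x00, 0x00, 0x80, 0x00, 0x00, 0x0C,
    0x00, 0x0A, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8
};
var opt = OptSketch.Parse(sample);
Console.WriteLine($"udp={opt.UdpPayloadSize} ver={opt.Version} DO={opt.DnssecOk} options={opt.Options.Count}");

// Hypothetical type for illustration; not the project's OptRData.
public sealed record OptSketch(ushort UdpPayloadSize, byte ExtendedRcode, byte Version,
                               bool DnssecOk, IReadOnlyList<(ushort Code, byte[] Data)> Options)
{
    public static OptSketch Parse(ReadOnlySpan<byte> rr)
    {
        if (rr.Length < 11) throw new FormatException("OPT record shorter than fixed header");
        if (rr[0] != 0) throw new FormatException("OPT NAME must be root");
        if (BinaryPrimitives.ReadUInt16BigEndian(rr.Slice(1)) != 41)
            throw new FormatException("not an OPT record");

        // CLASS carries the sender's UDP payload size; RFC 6891 treats values < 512 as 512.
        ushort udp = Math.Max((ushort)512, BinaryPrimitives.ReadUInt16BigEndian(rr.Slice(3)));
        // TTL is repurposed: extended RCODE (8 bits), version (8 bits), flags (16 bits, DO = top bit).
        byte extRcode = rr[5];
        byte version = rr[6]; // a server answers BADVERS for versions it does not implement
        ushort flags = BinaryPrimitives.ReadUInt16BigEndian(rr.Slice(7));
        ushort rdLen = BinaryPrimitives.ReadUInt16BigEndian(rr.Slice(9));
        if (rdLen != rr.Length - 11) throw new FormatException("RDLENGTH does not match record");

        var options = new List<(ushort Code, byte[] Data)>();
        ReadOnlySpan<byte> rdata = rr.Slice(11);
        while (!rdata.IsEmpty)
        {
            if (rdata.Length < 4) throw new FormatException("truncated option header");
            ushort code = BinaryPrimitives.ReadUInt16BigEndian(rdata);
            ushort len = BinaryPrimitives.ReadUInt16BigEndian(rdata.Slice(2));
            if (len > rdata.Length - 4) throw new FormatException("option length exceeds RDATA");
            options.Add((code, rdata.Slice(4, len).ToArray()));
            rdata = rdata.Slice(4 + len);
        }
        return new OptSketch(udp, extRcode, version, (flags & 0x8000) != 0, options);
    }
}
```

The length checks on RDLENGTH and on each option are the part worth covering in the unit tests: both values are attacker-controlled and drive slicing into the receive buffer.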