Expose EDE information via API if available

[DL6ER]

What does this implement/fix?

Expose extended DNS error codes (and human-readable textual interpretation if available) via thequeries API. This is especially useful in the vicinity of DNSSEC issues like BOGUS as it can provide further reasoning such as DNSSEC signature expired:

---

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

---

By submitting this pull request, I confirm the following:

1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
2. I have commented my proposed changes within the code.
3. I am willing to help maintain this change if there are issues with it later.
4. It is compatible with the EUPL 1.2 license
5. I have squashed any insignificant commits. (git rebase)

Checklist:

• The code change is tested and works locally.
• I based my code and PRs against the repositories developmental branch.
• I signed off all commits. Pi-hole enforces the DCO for all contributions
• I signed all my commits. Pi-hole requires signatures to verify authorship
• I have read the above and my PR is ready for review.

[PromoFaux]

human-readable textual interpretation

Does this come as part of the upstream query response?

[DL6ER]

No, there is a hard-coded list of reasons defined inside dnsmasq:

FTL/src/dnsmasq/cache.c

Lines 2175 to 2211 in 91ea8d4

	const char *edestr(int ede)
	{
	switch (ede)
	{
	case EDE_OTHER: return "other";
	case EDE_USUPDNSKEY: return "unsupported DNSKEY algorithm";
	case EDE_USUPDS: return "unsupported DS digest";
	case EDE_STALE: return "stale answer";
	case EDE_FORGED: return "forged";
	case EDE_DNSSEC_IND: return "DNSSEC indeterminate";
	case EDE_DNSSEC_BOGUS: return "DNSSEC bogus";
	case EDE_SIG_EXP: return "DNSSEC signature expired";
	case EDE_SIG_NYV: return "DNSSEC sig not yet valid";
	case EDE_NO_DNSKEY: return "DNSKEY missing";
	case EDE_NO_RRSIG: return "RRSIG missing";
	case EDE_NO_ZONEKEY: return "no zone key bit set";
	case EDE_NO_NSEC: return "NSEC(3) missing";
	case EDE_CACHED_ERR: return "cached error";
	case EDE_NOT_READY: return "not ready";
	case EDE_BLOCKED: return "blocked";
	case EDE_CENSORED: return "censored";
	case EDE_FILTERED: return "filtered";
	case EDE_PROHIBITED: return "prohibited";
	case EDE_STALE_NXD: return "stale NXDOMAIN";
	case EDE_NOT_AUTH: return "not authoritative";
	case EDE_NOT_SUP: return "not supported";
	case EDE_NO_AUTH: return "no reachable authority";
	case EDE_NETERR: return "network error";
	case EDE_INVALID_DATA: return "invalid data";
	case EDE_SIG_E_B_V: return "signature expired before valid";
	case EDE_TOO_EARLY: return "too early";
	case EDE_UNS_NS3_ITER: return "unsupported NSEC3 iterations value";
	case EDE_UNABLE_POLICY: return "uanble to conform to policy";
	case EDE_SYNTHESIZED: return "synthesized";
	default: return "unknown";
	}
	}

[PromoFaux]

Ah-hah, cool! I only asked as I couldn't see any added as part of this PR :)

[DL6ER]

Yeah, this PR basically re-adds what we had before. EDE was already exposed via the Telnet API to the frontend but this seems to have been forgotten in the v6 migration. Not that I'd recall the web interface actually used it, though...

[rdwebdesign]

Not that I'd recall the web interface actually used it, though...

It was used in queries.js - lines 83, 106 and 234

[DL6ER]

Ah, okay, but that seems to be numeric only, not a human-friendly text representation