Extended DNS Errors
An EDNS0 option (EDE) that lets a resolver explain WHY a DNS query failed with structured error codes like "DNSSEC bogus", "blocked", or "forged answer".
Extended DNS Errors (EDE) is the option that finally lets resolvers explain failures beyond opaque rcodes like SERVFAIL. Defined codes include 6 (DNSSEC Bogus), 8 (Signature Expired), 10 (RRSIGs Missing), 15 (Blocked by policy), 18 (Prohibited), and 22 (No Reachable Authority). A modern dig version surfaces these as `; EDE: 6 (DNSSEC Bogus)` in the comments. Operators can finally tell a user that a query was blocked by parental control filtering, by RPZ, or because DNSSEC validation actually failed, instead of just "something went wrong". Adoption in resolvers like Unbound, BIND, and PowerDNS is now widespread.