Update DnssecError.IO_EXCEPTION for failure due to I/O error during DNS resolution #105

Merged
jared-daniels merged 3 commits into master from update-io-dnssec-error
Feb 25, 2026

@tando-nxiweni
Contributor

Description

Added a new error type IO_EXCEPTION to the DnssecError enum to specifically handle I/O errors that occur during DNS resolution in DNSSEC validation processes.

Changes

1. DnssecError Enum Enhancement

File: library/src/main/java/com/digicert/validation/mpic/api/dns/DnssecError.java

  • Added: New enum value IO_EXCEPTION
  • Documentation: "DNSSEC validation failed due to an I/O error during DNS resolution"
  • Position: Added between RRSIGS_MISSING and OTHER enum values

Existing DnssecError Values:

  • DNSKEY_MISSING - DNSKEY record is missing at the zone
  • DNSSEC_BOGUS - DNSSEC validation resulted in BOGUS status
  • NSEC_MISSING - NSEC or NSEC3 record is missing for denial of existence proof
  • RRSIGS_MISSING - RRSIG records are missing for the requested record type
  • IO_EXCEPTION ← NEW
  • OTHER - Other unspecified DNSSEC error

Motivation

The addition of IO_EXCEPTION provides more granular error reporting for DNSSEC validation failures. Previously, I/O errors during DNS resolution would have been categorized under the generic OTHER error type. This new specific error type allows:

  1. Better Error Tracking: Distinguish between different types of DNSSEC failures
  2. Improved Debugging: Quickly identify when failures are due to network/I/O issues vs. cryptographic validation problems
  3. Enhanced Monitoring: Better metrics and alerting for infrastructure-related issues

Use Cases

The IO_EXCEPTION error type is particularly useful for scenarios such as:

  • DNS resolution timeouts during DNSSEC validation
  • Network connectivity issues
  • DNS server unavailability
  • I/O errors that prevent completion of DNSSEC validation chain verification

Integration Points

1. DnssecDetails Record

The IO_EXCEPTION error is part of the DnssecDetails record structure:

public record DnssecDetails(
    DnssecStatus dnssecStatus,
    DnssecError dnssecError,    // Can now be IO_EXCEPTION
    String errorLocation,
    String errorDetails
)

2. Exception Handling

Used in validation exceptions (ValidationException, AcmeValidationException) to provide detailed DNSSEC error information alongside general DCV errors.

3. DNS Lookup Flow

When DNS lookup encounters an IOException:

  • DnsClient catches the exception
  • Maps to ClientStatus.DNS_LOOKUP_IO_EXCEPTION
  • Eventually surfaces as DcvError.DNS_LOOKUP_IO_EXCEPTION
  • If DNSSEC validation is enabled, additional context provided via DnssecError.IO_EXCEPTION

Testing

The change includes test coverage in:

  • AcmeValidationExceptionTest.java - Tests exception handling with IO_EXCEPTION error
  • Integration with DnssecStatus.INDETERMINATE for cases where validation cannot be completed

Related Enums

ClientStatus (DNS operations)

  • DNS_LOOKUP_IO_EXCEPTION - General I/O exception during DNS lookup

DcvError (Domain Control Validation)

  • DNS_LOOKUP_IO_EXCEPTION - I/O exception at DCV level
  • DNS_LOOKUP_DNSSEC_FAILURE - General DNSSEC failure

DnssecError (DNSSEC-specific)

  • IO_EXCEPTION - NEW: I/O error specifically in DNSSEC validation context

jared-daniels previously approved these changes Feb 24, 2026
@jared-daniels jared-daniels merged commit cac2ca3 into master Feb 25, 2026
3 checks passed
@jared-daniels jared-daniels deleted the update-io-dnssec-error branch February 25, 2026 17:18
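
An added example (not code from this PR or from the library) of how a caller could act on the distinction the description draws between I/O failures and cryptographic validation failures. The enum and record are local stand-ins that copy the names listed above; `Action`, `triage` and the `BOGUS` status value are assumptions made for illustration.

```java
import java.util.List;

public class DnssecTriage {
    // Local stand-ins that mirror the names in this PR; the library's real types may differ.
    // Only INDETERMINATE is named on the page; BOGUS is an assumed status value.
    enum DnssecStatus { BOGUS, INDETERMINATE }
    enum DnssecError { DNSKEY_MISSING, DNSSEC_BOGUS, NSEC_MISSING, RRSIGS_MISSING, IO_EXCEPTION, OTHER }
    record DnssecDetails(DnssecStatus dnssecStatus, DnssecError dnssecError,
                         String errorLocation, String errorDetails) {}

    // Hypothetical caller-side outcomes. None of them lets validation pass.
    enum Action { RETRY_LATER, REJECT_AND_ALERT, REJECT_AND_INVESTIGATE }

    static Action triage(DnssecDetails d) {
        if (d == null || d.dnssecError() == null) {
            return Action.REJECT_AND_INVESTIGATE; // no detail is never treated as success
        }
        return switch (d.dnssecError()) {
            // Resolution did not complete, so there is no verdict on the chain of trust.
            case IO_EXCEPTION -> Action.RETRY_LATER;
            // The chain failed to validate or a record needed for the proof is absent.
            case DNSSEC_BOGUS, DNSKEY_MISSING, NSEC_MISSING, RRSIGS_MISSING -> Action.REJECT_AND_ALERT;
            // Unclassified failures need a human look at errorLocation and errorDetails.
            case OTHER -> Action.REJECT_AND_INVESTIGATE;
        };
    }

    public static void main(String[] args) {
        // Constructed sample values, not output from the library.
        List<DnssecDetails> samples = List.of(
            new DnssecDetails(DnssecStatus.INDETERMINATE, DnssecError.IO_EXCEPTION,
                              "example.com.", "resolver timed out"),
            new DnssecDetails(DnssecStatus.BOGUS, DnssecError.DNSSEC_BOGUS,
                              "example.com.", "signature did not verify"),
            new DnssecDetails(DnssecStatus.INDETERMINATE, DnssecError.OTHER,
                              "example.com.", "unclassified failure"));
        for (DnssecDetails d : samples) {
            System.out.printf("%-14s at %s (%s) -> %s%n",
                d.dnssecError(), d.errorLocation(), d.errorDetails(), triage(d));
        }
    }
}
```

Every branch fails closed: an I/O error is queued for another attempt, but it is never read as a successful DNSSEC validation.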