]>
Commit | Line | Data |
---|---|---|
d54a2ce4 MT |
1 | From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Fri, 17 Apr 2015 22:50:20 +0100 | |
efbd3a9a | 4 | Subject: [PATCH 78/98] Log domain when reporting DNSSEC validation failure. |
d54a2ce4 MT |
5 | |
6 | --- | |
7 | src/forward.c | 15 ++++++++++----- | |
8 | 1 file changed, 10 insertions(+), 5 deletions(-) | |
9 | ||
10 | diff --git a/src/forward.c b/src/forward.c | |
11 | index 3f6b9a23b6ab..1c7da3f5655c 100644 | |
12 | --- a/src/forward.c | |
13 | +++ b/src/forward.c | |
14 | @@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now) | |
15 | header->hb3 |= HB3_TC; | |
16 | else | |
17 | { | |
18 | - char *result; | |
19 | + char *result, *domain = "result"; | |
20 | ||
21 | if (forward->work_counter == 0) | |
22 | { | |
23 | @@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now) | |
24 | else | |
25 | result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); | |
26 | ||
27 | - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); | |
28 | + if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL)) | |
29 | + domain = daemon->namebuff; | |
30 | + | |
31 | + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); | |
32 | } | |
33 | ||
34 | if (status == STAT_SECURE) | |
35 | @@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now, | |
36 | { | |
37 | int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ | |
38 | int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount); | |
39 | - char *result; | |
40 | + char *result, *domain = "result"; | |
41 | ||
42 | if (status == STAT_INSECURE_DS) | |
43 | { | |
44 | @@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now, | |
45 | } | |
46 | else | |
47 | result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); | |
48 | - | |
49 | - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); | |
50 | + if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) | |
51 | + domain = daemon->namebuff; | |
52 | + | |
53 | + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); | |
54 | ||
55 | if (status == STAT_BOGUS) | |
56 | { | |
57 | -- | |
58 | 2.1.0 | |
59 |