1 From 554b580e970275d5a869cb4fbfb2716f92b2f664 Mon Sep 17 00:00:00 2001
2 From: Simon Kelley <simon@thekelleys.org.uk>
3 Date: Fri, 17 Apr 2015 22:50:20 +0100
4 Subject: [PATCH 078/113] Log domain when reporting DNSSEC validation failure.
7 src/forward.c | 15 ++++++++++-----
8 1 file changed, 10 insertions(+), 5 deletions(-)
10 diff --git a/src/forward.c b/src/forward.c
11 index 3f6b9a23b6ab..1c7da3f5655c 100644
14 @@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
15 header->hb3 |= HB3_TC;
19 + char *result, *domain = "result";
21 if (forward->work_counter == 0)
23 @@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
25 result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
27 - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
28 + if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
29 + domain = daemon->namebuff;
31 + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
34 if (status == STAT_SECURE)
35 @@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
37 int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
38 int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
40 + char *result, *domain = "result";
42 if (status == STAT_INSECURE_DS)
44 @@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
47 result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
49 - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result);
50 + if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
51 + domain = daemon->namebuff;
53 + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
55 if (status == STAT_BOGUS)