// Does the validation mode or query demand validation?
if(!shouldNotValidate && sr.isDNSSECValidationRequested()) {
try {
- if(sr.doLog()) {
- g_log<<Logger::Warning<<"Starting validation of answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<endl;
+ auto state = sr.getValidationState();
+
+ string x_marker;
+ if (sr.doLog() || vStateIsBogus(state)) {
+ auto xdnssec = g_xdnssec.getLocal();
+ if (xdnssec->check(dc->d_mdp.d_qname)) {
+ x_marker = " [in x-dnssec-names]";
+ }
}
- auto state = sr.getValidationState();
+ if(sr.doLog()) {
+ g_log<<Logger::Warning<<"Starting validation of answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<x_marker<<" for "<<dc->getRemote()<<endl;
+ }
if(state == vState::Secure) {
if(sr.doLog()) {
- g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<" validates correctly"<<endl;
+ g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<x_marker<<" for "<<dc->getRemote()<<" validates correctly"<<endl;
}
-
+
// Is the query source interested in the value of the ad-bit?
if (dc->d_mdp.d_header.ad || DNSSECOK)
pw.getHeader()->ad=1;
}
else if(state == vState::Insecure) {
if(sr.doLog()) {
- g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<" validates as Insecure"<<endl;
+ g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<x_marker<<" for "<<dc->getRemote()<<" validates as Insecure"<<endl;
}
-
+
pw.getHeader()->ad=0;
}
else if (vStateIsBogus(state)) {
if(t_bogusqueryring)
t_bogusqueryring->push_back(make_pair(dc->d_mdp.d_qname, dc->d_mdp.d_qtype));
if(g_dnssecLogBogus || sr.doLog() || g_dnssecmode == DNSSECMode::ValidateForLog) {
- g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<" validates as "<<vStateToString(state)<<endl;
+ g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<x_marker<<" for "<<dc->getRemote()<<" validates as "<<vStateToString(state)<<endl;
}
-
+
// Does the query or validation mode sending out a SERVFAIL on validation errors?
if(!pw.getHeader()->cd && (g_dnssecmode == DNSSECMode::ValidateAll || dc->d_mdp.d_header.ad || DNSSECOK)) {
if(sr.doLog()) {
g_log<<Logger::Warning<<"Sending out SERVFAIL for "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" because recursor or query demands it for Bogus results"<<endl;
}
-
+
pw.getHeader()->rcode=RCode::ServFail;
goto sendit;
} else {
if(sr.doLog()) {
- g_log<<Logger::Warning<<"Not sending out SERVFAIL for "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" Bogus validation since neither config nor query demands this"<<endl;
+ g_log<<Logger::Warning<<"Not sending out SERVFAIL for "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<x_marker<<" Bogus validation since neither config nor query demands this"<<endl;
}
}
}
projects / thirdparty / pdns.git / commitdiff
