improve error message when validation of domain fails due to timeouts
authorbert hubert <bert.hubert@netherlabs.nl>
Fri, 1 Jul 2016 10:07:37 +0000 (12:07 +0200)
committerbert hubert <bert.hubert@netherlabs.nl>
Fri, 1 Jul 2016 10:07:37 +0000 (12:07 +0200)
pdns/pdns_recursor.cc

index d75e1fe37d37e6127c56da15413db3504cf51907..7a5e104a6050cb855ec27527b0d122e4e3aa4bdd 100644 (file)
@@ -952,45 +952,53 @@ void startDoResolve(void *p)
 
       // Does the validation mode or query demand validation?
       if(g_dnssecmode == DNSSECMode::ValidateAll || g_dnssecmode==DNSSECMode::ValidateForLog || (dc->d_mdp.d_header.ad && g_dnssecmode==DNSSECMode::Process)) {
-        if(sr.doLog()) {
-          L<<Logger::Warning<<"Starting validation of answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<endl;
-        }
-
-        auto state=validateRecords(ret);
-        if(state == Secure) {
-          if(sr.doLog()) {
-            L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates correctly"<<endl;
-          }
-
-          // Is the query source interested in the value of the ad-bit?
-          if (dc->d_mdp.d_header.ad)
-            pw.getHeader()->ad=1;
-        }
-        else if(state == Insecure) {
+        try {
           if(sr.doLog()) {
-            L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates as Insecure"<<endl;
-          }
-
-          pw.getHeader()->ad=0;
-        }
-        else if(state == Bogus) {
-          if(sr.doLog() || g_dnssecmode == DNSSECMode::ValidateForLog) {
-            L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates as Bogus"<<endl;
+            L<<Logger::Warning<<"Starting validation of answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<endl;
           }
-
-          // Does the query or validation mode sending out a SERVFAIL on validation errors?
-          if(!pw.getHeader()->cd && (g_dnssecmode == DNSSECMode::ValidateAll || dc->d_mdp.d_header.ad)) {
+          
+          auto state=validateRecords(ret);
+          if(state == Secure) {
             if(sr.doLog()) {
-              L<<Logger::Warning<<"Sending out SERVFAIL for "<<dc->d_mdp.d_qname<<" because recursor or query demands it for Bogus results"<<endl;
+              L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates correctly"<<endl;
             }
-
-            pw.getHeader()->rcode=RCode::ServFail;
-            goto sendit;
-          } else {
+            
+            // Is the query source interested in the value of the ad-bit?
+            if (dc->d_mdp.d_header.ad)
+              pw.getHeader()->ad=1;
+          }
+          else if(state == Insecure) {
             if(sr.doLog()) {
-              L<<Logger::Warning<<"Not sending out SERVFAIL for "<<dc->d_mdp.d_qname<<" Bogus validation since neither config nor query demands this"<<endl;
+              L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates as Insecure"<<endl;
             }
+            
+            pw.getHeader()->ad=0;
           }
+          else if(state == Bogus) {
+            if(sr.doLog() || g_dnssecmode == DNSSECMode::ValidateForLog) {
+              L<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<" for "<<dc->d_remote.toStringWithPort()<<" validates as Bogus"<<endl;
+            }
+            
+            // Does the query or validation mode sending out a SERVFAIL on validation errors?
+            if(!pw.getHeader()->cd && (g_dnssecmode == DNSSECMode::ValidateAll || dc->d_mdp.d_header.ad)) {
+              if(sr.doLog()) {
+                L<<Logger::Warning<<"Sending out SERVFAIL for "<<dc->d_mdp.d_qname<<" because recursor or query demands it for Bogus results"<<endl;
+              }
+              
+              pw.getHeader()->rcode=RCode::ServFail;
+              goto sendit;
+            } else {
+              if(sr.doLog()) {
+                L<<Logger::Warning<<"Not sending out SERVFAIL for "<<dc->d_mdp.d_qname<<" Bogus validation since neither config nor query demands this"<<endl;
+              }
+            }
+          }
+        }
+        catch(ImmediateServFailException &e) {
+          if(g_logCommonErrors)
+            L<<Logger::Notice<<"Sending SERVFAIL to "<<dc->getRemote()<<" during validation of '"<<dc->d_mdp.d_qname<<"' because: "<<e.reason<<endl;
+          pw.getHeader()->rcode=RCode::ServFail;
+          goto sendit;
         }
       }
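Review bot: The new `catch(ImmediateServFailException &e)` handler sets `RCode::ServFail` and jumps to `sendit` unconditionally, whereas the Bogus branch just above does so only when `!pw.getHeader()->cd && (g_dnssecmode == DNSSECMode::ValidateAll || dc->d_mdp.d_header.ad)`. As written, a validation timeout under `DNSSECMode::ValidateForLog`, or for a client that set CD, appears to turn an otherwise answerable query into SERVFAIL, so slow or unreachable servers for the DNSSEC records become an availability problem even where validation is meant to be advisory. Consider guarding the two SERVFAIL lines with the same condition as the Bogus branch, and otherwise logging and continuing with `pw.getHeader()->ad=0;`; the handler should also catch by `const ImmediateServFailException &e`. Whether handlers further down `startDoResolve` already produced the same SERVFAIL before this change cannot be seen here, since the function body and the `sendit` label lie outside the hunk.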