From: Nick Rosbrook Date: Fri, 22 Aug 2025 15:34:17 +0000 (-0400) Subject: resolve: include DNSSEC and DNSOverTLS modes in dumps X-Git-Tag: v258-rc4~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71da422058e1512636e0291f17e4d55f5413db5e;p=thirdparty%2Fsystemd.git resolve: include DNSSEC and DNSOverTLS modes in dumps This is useful for testing and debugging. E.g., one can examine the active DNSSEC mode of the scope using: $ resolvectl show-cache --- diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index bdfc8230585..a5e8696d89a 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -3321,6 +3321,8 @@ static int dump_cache_scope(sd_json_variant *scope) { int ifindex; const char *ifname; sd_json_variant *cache; + const char *dnssec_mode; + const char *dns_over_tls_mode; } scope_info = { .family = AF_UNSPEC, }; @@ -3328,11 +3330,13 @@ static int dump_cache_scope(sd_json_variant *scope) { int r, c = 0; static const sd_json_dispatch_field dispatch_table[] = { - { "protocol", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, protocol), SD_JSON_MANDATORY }, - { "family", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int, offsetof(struct scope_info, family), 0 }, - { "ifindex", _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex, offsetof(struct scope_info, ifindex), SD_JSON_RELAX }, - { "ifname", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, ifname), 0 }, - { "cache", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache), SD_JSON_MANDATORY }, + { "protocol", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, protocol), SD_JSON_MANDATORY }, + { "family", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int, offsetof(struct scope_info, family), 0 }, + { "ifindex", _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex, offsetof(struct scope_info, ifindex), SD_JSON_RELAX }, + { "ifname", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, ifname), 0 }, + { "cache", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache), SD_JSON_MANDATORY }, + { "dnssec", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, dnssec_mode), 0 }, + { "dnsOverTLS", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, dns_over_tls_mode), 0 }, {}, }; @@ -3350,6 +3354,13 @@ static int dump_cache_scope(sd_json_variant *scope) { if (scope_info.ifname) printf(" ifname=%s", scope_info.ifname); + if (dns_protocol_from_string(scope_info.protocol) == DNS_PROTOCOL_DNS) { + if (scope_info.dnssec_mode) + printf(" DNSSEC=%s", scope_info.dnssec_mode); + if (scope_info.dns_over_tls_mode) + printf(" DNSOverTLS=%s", scope_info.dns_over_tls_mode); + } + printf("%s\n", ansi_normal()); JSON_VARIANT_ARRAY_FOREACH(i, scope_info.cache) { diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 27ccf337d10..a81f9f1936b 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -1427,6 +1427,14 @@ void dns_scope_dump(DnsScope *s, FILE *f) { fputs(s->delegate->id, f); } + if (s->protocol == DNS_PROTOCOL_DNS) { + fputs(" DNSSEC=", f); + fputs(dnssec_mode_to_string(s->dnssec_mode), f); + + fputs(" DNSOverTLS=", f); + fputs(dns_over_tls_mode_to_string(s->dns_over_tls_mode), f); + } + fputs("]\n", f); if (!dns_zone_is_empty(&s->zone)) { @@ -1802,7 +1810,13 @@ int dns_scope_dump_cache_to_json(DnsScope *scope, sd_json_variant **ret) { SD_JSON_BUILD_PAIR_CONDITION(scope->family != AF_UNSPEC, "family", SD_JSON_BUILD_INTEGER(scope->family)), SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifindex", SD_JSON_BUILD_INTEGER(dns_scope_ifindex(scope))), SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifname", SD_JSON_BUILD_STRING(dns_scope_ifname(scope))), - SD_JSON_BUILD_PAIR_VARIANT("cache", cache)); + SD_JSON_BUILD_PAIR_VARIANT("cache", cache), + SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS, + "dnssec", + SD_JSON_BUILD_STRING(dnssec_mode_to_string(scope->dnssec_mode))), + SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS, + "dnsOverTLS", + SD_JSON_BUILD_STRING(dns_over_tls_mode_to_string(scope->dns_over_tls_mode)))); } int dns_type_suitable_for_protocol(uint16_t type, DnsProtocol protocol) { diff --git a/src/shared/varlink-io.systemd.Resolve.Monitor.c b/src/shared/varlink-io.systemd.Resolve.Monitor.c index 18d4eafefa0..2861368a45f 100644 --- a/src/shared/varlink-io.systemd.Resolve.Monitor.c +++ b/src/shared/varlink-io.systemd.Resolve.Monitor.c @@ -48,7 +48,9 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE( SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, SD_VARLINK_NULLABLE), SD_VARLINK_DEFINE_FIELD(ifindex, SD_VARLINK_INT, SD_VARLINK_NULLABLE), SD_VARLINK_DEFINE_FIELD(ifname, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), - SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY)); + SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY), + SD_VARLINK_DEFINE_FIELD(dnssec, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), + SD_VARLINK_DEFINE_FIELD(dnsOverTLS, SD_VARLINK_STRING, SD_VARLINK_NULLABLE)); static SD_VARLINK_DEFINE_METHOD( DumpCache,