DNSSEC validation failure logging
=================================
-This module adds error message for each DNSSEC validation failure.
+This module logs a message for each DNSSEC validation failure (on ``notice`` :func:`level <log_level>`).
It is meant to provide hint to operators which queries should be
investigated using diagnostic tools like DNSViz_.
.. code-block:: none
- DNSSEC validation failure dnssec-failed.org. DNSKEY
+ [dnssec] validation failure: dnssec-failed.org. DNSKEY
.. _DNSViz: http://dnsviz.net/
.. code-block:: lua
> bogus_log.frequent()
- [1] => {
- [type] => DNSKEY
- [count] => 1
- [name] => dnssec-failed.org.
- }
- [2] => {
- [type] => DNSKEY
- [count] => 13
- [name] => rhybar.cz.
+ {
+ {
+ ['count'] = 1,
+ ['name'] = 'dnssec-failed.org.',
+ ['type'] = 'DNSKEY',
+ },
+ {
+ ['count'] = 13,
+ ['name'] = 'rhybar.cz.',
+ ['type'] = 'DNSKEY',
+ },
}
Please note that in future this module might be replaced
auto_free char *qname_text = kr_dname_text(knot_pkt_qname(pkt));
auto_free char *qtype_text = kr_rrtype_text(knot_pkt_qtype(pkt));
- kr_log_error(DNSSEC, "DNSSEC validation failure %s %s\n", qname_text, qtype_text);
+ kr_log_notice(DNSSEC, "validation failure: %s %s\n", qname_text, qtype_text);
/* log of most frequent bogus queries */
uint16_t type = knot_pkt_qtype(pkt);
projects / thirdparty / knot-resolver.git / commitdiff
