Tell the user DNSSEC is disabled from rec_control

diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index be3724b6b4f453cb2243f31cb97960813c12befe..b09a41dd559af674e75cc86d70090153cc6fd5dc 100644 (file)
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -348,6 +348,9 @@ string doSetCarbonServer(T begin, T end)
 template<typename T>
 string doSetDnssecLogBogus(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not changing the Bogus logging setting\n";
+
   if (begin == end)
     return "No DNSSEC Bogus logging setting specified\n";
 
@@ -375,6 +378,9 @@ string doSetDnssecLogBogus(T begin, T end)
 template<typename T>
 string doAddNTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not adding a Negative Trust Anchor\n";
+
   if(begin == end)
     return "No NTA specified, doing nothing\n";
 
@@ -408,6 +414,9 @@ string doAddNTA(T begin, T end)
 template<typename T>
 string doClearNTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not removing a Negative Trust Anchor\n";
+
   if(begin == end)
     return "No Negative Trust Anchor specified, doing nothing.\n";
 
@@ -456,6 +465,9 @@ string doClearNTA(T begin, T end)
 
 static string getNTAs()
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration\n";
+
   string ret("Configured Negative Trust Anchors:\n");
   auto luaconf = g_luaconfs.getLocal();
   for (auto negAnchor : luaconf->negAnchors)
@@ -466,6 +478,9 @@ static string getNTAs()
 template<typename T>
 string doAddTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not adding a Trust Anchor\n";
+
   if(begin == end)
     return "No TA specified, doing nothing\n";
 
@@ -506,6 +521,9 @@ string doAddTA(T begin, T end)
 template<typename T>
 string doClearTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not removing a Trust Anchor\n";
+
   if(begin == end)
     return "No Trust Anchor to clear\n";
 
@@ -546,6 +564,9 @@ string doClearTA(T begin, T end)
 
 static string getTAs()
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration\n";
+
   string ret("Configured Trust Anchors:\n");
   auto luaconf = g_luaconfs.getLocal();
   for (auto anchor : luaconf->dsAnchors) {

diff --git a/pdns/validate-recursor.cc b/pdns/validate-recursor.cc
index aef9379c5d565079373bce0781349e1a19dbaf98..c7392667e89d509051d76f70847fd8ede150c2f6 100644 (file)
--- a/pdns/validate-recursor.cc
+++ b/pdns/validate-recursor.cc
@@ -26,9 +26,17 @@ public:
   int d_queries{0};
 };
 
-void warnIfDNSSECDisabled(const string& msg) {
-  if(g_dnssecmode == DNSSECMode::Off)
-    L<<Logger::Warning<<msg<<endl;
+bool checkDNSSECDisabled() {
+  return warnIfDNSSECDisabled("");
+}
+
+bool warnIfDNSSECDisabled(const string& msg) {
+  if(g_dnssecmode == DNSSECMode::Off) {
+    if (!msg.empty())
+      L<<Logger::Warning<<msg<<endl;
+    return true;
+  }
+  return false;
 }
 
 inline vState increaseDNSSECStateCounter(const vState& state)

diff --git a/pdns/validate-recursor.hh b/pdns/validate-recursor.hh
index 2fa9850828cd2400ca720e25cf323897942d7704..bf99d7de0e2238e4c5125c5062aabe0e53330bb6 100644 (file)
--- a/pdns/validate-recursor.hh
+++ b/pdns/validate-recursor.hh
@@ -38,4 +38,5 @@ enum class DNSSECMode { Off, Process, ProcessNoValidate, ValidateForLog, Validat
 extern DNSSECMode g_dnssecmode;
 extern bool g_dnssecLogBogus;
 
-void warnIfDNSSECDisabled(const string& msg);
+bool checkDNSSECDisabled();
+bool warnIfDNSSECDisabled(const string& msg);