Update managed keys log messages to be less confusing.

diff --git a/CHANGES b/CHANGES
index 6aa1d6be823ee4863f1f3ae38b9d34197cb6780d..21c9103b5b2a384d47c8a86428899b19ef9f7d9e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5487.  [cleanup]       Update managed keys log messages to be less confusing.
+                       [GL #2027]
+
 5486.  [func]          Add 'rndc dnssec -checkds' command to tell named
                        that the DS record has been published in the parent.
                        [GL #1613]

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index d6310878a89647d76bda1b554859578dc89bc96f..4fb7f5b43d2ff493d48b2759684374430aac8e5d 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -10252,9 +10252,9 @@ anchors_done:
                        } else if (keydata.addhd > now) {
                                dnssec_log(zone, ISC_LOG_INFO,
                                           "Pending key %d for zone %s "
-                                          "unexpectedly missing "
-                                          "restarting 30-day acceptance "
-                                          "timer",
+                                          "unexpectedly missing from DNSKEY "
+                                          "RRset: restarting 30-day "
+                                          "acceptance timer",
                                           keytag, namebuf);
                                if (keydata.addhd < now + dns_zone_mkey_month) {
                                        keydata.addhd = now +
@@ -10264,16 +10264,18 @@ anchors_done:
                        } else if (keydata.removehd == 0) {
                                dnssec_log(zone, ISC_LOG_INFO,
                                           "Active key %d for zone %s "
-                                          "unexpectedly missing",
+                                          "unexpectedly missing from DNSKEY "
+                                          "RRset",
                                           keytag, namebuf);
                                keydata.refresh = now + dns_zone_mkey_hour;
                        } else if (keydata.removehd <= now) {
                                deletekey = true;
-                               dnssec_log(zone, ISC_LOG_INFO,
-                                          "Revoked key %d for zone %s "
-                                          "missing: deleting from "
-                                          "managed keys database",
-                                          keytag, namebuf);
+                               dnssec_log(
+                                       zone, ISC_LOG_INFO,
+                                       "Revoked key %d for zone %s no longer "
+                                       "present in DNSKEY RRset: deleting "
+                                       "from managed keys database",
+                                       keytag, namebuf);
                        } else {
                                keydata.refresh = refresh_time(kfetch, false);
                        }