rec: Log when going Bogus because of a missing SOA in authority

author Remi Gacogne <remi.gacogne@powerdns.com>

Tue, 15 Sep 2020 13:03:34 +0000 (15:03 +0200)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Fri, 25 Sep 2020 09:56:43 +0000 (11:56 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 15 Sep 2020 13:03:34 +0000 (15:03 +0200)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Fri, 25 Sep 2020 09:56:43 +0000 (11:56 +0200)
diff --git a/pdns/syncres.cc b/pdns/syncres.cc

index 24b0a8f5054f7723b2d4aff1664051e2ffcf3c45..f31137df723b90b295d90acd12beb26af454438a 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -3452,6 +3452,7 @@ bool SyncRes::processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qn
      LOG(prefix<<qname<<": status=NXDOMAIN, we are done "<<(negindic ? "(have negative SOA)" : "")<<endl);
  
      if (state == Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
+      LOG(prefix<<qname<<": NXDOMAIN without a negative indication (missing SOA in authority) in a DNSSEC secure zone, going Bogus"<<endl);
        updateValidationState(state, Bogus);
      }
  
@@ -3466,6 +3467,7 @@ bool SyncRes::processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qn
      LOG(prefix<<qname<<": status=noerror, other types may exist, but we are done "<<(negindic ? "(have negative SOA) " : "")<<(lwr.d_aabit ? "(have aa bit) " : "")<<endl);
  
      if(state == Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
+      LOG(prefix<<qname<<": NODATA without a negative indication (missing SOA in authority) in a DNSSEC secure zone, going Bogus"<<endl);
        updateValidationState(state, Bogus);
      }
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Tue, 15 Sep 2020 13:03:34 +0000 (15:03 +0200)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Fri, 25 Sep 2020 09:56:43 +0000 (11:56 +0200)