From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 1 Sep 2016 16:40:53 +0000 (+0200)
Subject: Tell the user DNSSEC is disabled from rec_control
X-Git-Tag: dnsdist-1.1.0-beta2~82^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4865b6cb458ecc92315057f050da6c79add736df;p=thirdparty%2Fpdns.git

Tell the user DNSSEC is disabled from rec_control
---

diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc
index be3724b6b4..b09a41dd55 100644
--- a/pdns/rec_channel_rec.cc
+++ b/pdns/rec_channel_rec.cc
@@ -348,6 +348,9 @@ string doSetCarbonServer(T begin, T end)
 template<typename T>
 string doSetDnssecLogBogus(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not changing the Bogus logging setting\n";
+
   if (begin == end)
     return "No DNSSEC Bogus logging setting specified\n";
 
@@ -375,6 +378,9 @@ string doSetDnssecLogBogus(T begin, T end)
 template<typename T>
 string doAddNTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not adding a Negative Trust Anchor\n";
+
   if(begin == end)
     return "No NTA specified, doing nothing\n";
 
@@ -408,6 +414,9 @@ string doAddNTA(T begin, T end)
 template<typename T>
 string doClearNTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not removing a Negative Trust Anchor\n";
+
   if(begin == end)
     return "No Negative Trust Anchor specified, doing nothing.\n";
 
@@ -456,6 +465,9 @@ string doClearNTA(T begin, T end)
 
 static string getNTAs()
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration\n";
+
   string ret("Configured Negative Trust Anchors:\n");
   auto luaconf = g_luaconfs.getLocal();
   for (auto negAnchor : luaconf->negAnchors)
@@ -466,6 +478,9 @@ static string getNTAs()
 template<typename T>
 string doAddTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not adding a Trust Anchor\n";
+
   if(begin == end)
     return "No TA specified, doing nothing\n";
 
@@ -506,6 +521,9 @@ string doAddTA(T begin, T end)
 template<typename T>
 string doClearTA(T begin, T end)
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration, not removing a Trust Anchor\n";
+
   if(begin == end)
     return "No Trust Anchor to clear\n";
 
@@ -546,6 +564,9 @@ string doClearTA(T begin, T end)
 
 static string getTAs()
 {
+  if(checkDNSSECDisabled())
+    return "DNSSEC is disabled in the configuration\n";
+
   string ret("Configured Trust Anchors:\n");
   auto luaconf = g_luaconfs.getLocal();
   for (auto anchor : luaconf->dsAnchors) {
diff --git a/pdns/validate-recursor.cc b/pdns/validate-recursor.cc
index aef9379c5d..c7392667e8 100644
--- a/pdns/validate-recursor.cc
+++ b/pdns/validate-recursor.cc
@@ -26,9 +26,17 @@ public:
   int d_queries{0};
 };
 
-void warnIfDNSSECDisabled(const string& msg) {
-  if(g_dnssecmode == DNSSECMode::Off)
-    L<<Logger::Warning<<msg<<endl;
+bool checkDNSSECDisabled() {
+  return warnIfDNSSECDisabled("");
+}
+
+bool warnIfDNSSECDisabled(const string& msg) {
+  if(g_dnssecmode == DNSSECMode::Off) {
+    if (!msg.empty())
+      L<<Logger::Warning<<msg<<endl;
+    return true;
+  }
+  return false;
 }
 
 inline vState increaseDNSSECStateCounter(const vState& state)
diff --git a/pdns/validate-recursor.hh b/pdns/validate-recursor.hh
index 2fa9850828..bf99d7de0e 100644
--- a/pdns/validate-recursor.hh
+++ b/pdns/validate-recursor.hh
@@ -38,4 +38,5 @@ enum class DNSSECMode { Off, Process, ProcessNoValidate, ValidateForLog, Validat
 extern DNSSECMode g_dnssecmode;
 extern bool g_dnssecLogBogus;
 
-void warnIfDNSSECDisabled(const string& msg);
+bool checkDNSSECDisabled();
+bool warnIfDNSSECDisabled(const string& msg);