From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 10 Jan 2024 01:10:06 +0000 (+0900)
Subject: resolve: drop DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE
X-Git-Tag: v256-rc1~1205^2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ae51762d7be5efc0553cf4039fa7483a2799e45;p=thirdparty%2Fsystemd.git

resolve: drop DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE

This partially reverts commit 9ca133e97a0c8795b1f293ccea4965b4ad1accc4.

Not only there is no reason to introduce a new transaction failure state,
but also the commit introduces several severe issues.

Fixes #30776, #30779.
---

diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 8c9475cd3de..ef3f5237a9e 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -189,11 +189,6 @@ static int reply_query_state(DnsQuery *q) {
                 return sd_bus_reply_method_error(req, &error);
         }
 
-        case DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE:
-                return reply_method_errorf(q, BUS_ERROR_DNSSEC_FAILED, "DNSSEC validation failed upstream: %s%s%s",
-                                           dns_ede_rcode_to_string(q->answer_ede_rcode),
-                                           isempty(q->answer_ede_msg) ? "" : ": ", q->answer_ede_msg);
-
         case DNS_TRANSACTION_NULL:
         case DNS_TRANSACTION_PENDING:
         case DNS_TRANSACTION_VALIDATING:
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index aeae08f2f61..12c48deb662 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -411,21 +411,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
                            "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level));
         }
 
-        if (state == DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE) {
-                dns_resource_key_to_string(dns_transaction_key(t), key_str, sizeof key_str);
-
-                log_struct(LOG_NOTICE,
-                           "MESSAGE_ID=" SD_MESSAGE_DNSSEC_FAILURE_STR,
-                           LOG_MESSAGE("Upstream resolver reported failure for question %s: %s%s%s",
-                                       key_str, dns_ede_rcode_to_string(t->answer_ede_rcode),
-                                       isempty(t->answer_ede_msg) ? "" : ": ", t->answer_ede_msg),
-                           "DNS_TRANSACTION=%" PRIu16, t->id,
-                           "DNS_QUESTION=%s", key_str,
-                           "DNS_EDE_RCODE=%s", dns_ede_rcode_to_string(t->answer_ede_rcode),
-                           "DNS_SERVER=%s", strna(dns_server_string_full(t->server)),
-                           "DNS_SERVER_FEATURE_LEVEL=%s", dns_server_feature_level_to_string(t->server->possible_feature_level));
-        }
-
         /* Note that this call might invalidate the query. Callers
          * should hence not attempt to access the query or transaction
          * after calling this function. */
@@ -1241,7 +1226,7 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt
                                                   FORMAT_DNS_EDE_RCODE(t->answer_ede_rcode),
                                                   isempty(t->answer_ede_msg) ? "" : ": ",
                                                   strempty(t->answer_ede_msg));
-                                        dns_transaction_complete(t, DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE);
+                                        dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED);
                                         return;
                                 }
 
diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h
index 1188708d8f5..6de4cdd7491 100644
--- a/src/resolve/resolved-dns-transaction.h
+++ b/src/resolve/resolved-dns-transaction.h
@@ -20,7 +20,6 @@ enum DnsTransactionState {
         DNS_TRANSACTION_PENDING,
         DNS_TRANSACTION_VALIDATING,
         DNS_TRANSACTION_RCODE_FAILURE,
-        DNS_TRANSACTION_UPSTREAM_DNSSEC_FAILURE,
         DNS_TRANSACTION_SUCCESS,
         DNS_TRANSACTION_NO_SERVERS,
         DNS_TRANSACTION_TIMEOUT,