From: Mark Andrews <marka@isc.org>
Date: Wed, 9 Nov 2022 12:12:07 +0000 (+0000)
Subject: Report the key name that failed in retry_keyfetch
X-Git-Tag: v9.19.11~70^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb7b7ac4959be1f8b038a6cb53a8ba823ee7f7da;p=thirdparty%2Fbind9.git

Report the key name that failed in retry_keyfetch

When there are multiple managed trust anchors we need to know the
name of the trust anchor that is failing.  Extend the error message
to include the trust anchor name.
---

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 76f6dc4bc31..951bbfd34c7 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -10642,6 +10642,11 @@ retry_keyfetch(dns_keyfetch_t *kfetch, dns_name_t *kname) {
 	isc_time_t timenow, timethen;
 	dns_zone_t *zone = kfetch->zone;
 	bool free_needed;
+	char namebuf[DNS_NAME_FORMATSIZE];
+
+	dns_name_format(kname, namebuf, sizeof(namebuf));
+	dnssec_log(zone, ISC_LOG_WARNING,
+		   "Failed to create fetch for %s DNSKEY update", namebuf);
 
 	/*
 	 * Error during a key fetch; cancel and retry in an hour.
@@ -10653,8 +10658,6 @@ retry_keyfetch(dns_keyfetch_t *kfetch, dns_name_t *kname) {
 	dns_rdataset_disassociate(&kfetch->keydataset);
 	dns_name_free(kname, zone->mctx);
 	isc_mem_putanddetach(&kfetch->mctx, kfetch, sizeof(*kfetch));
-	dnssec_log(zone, ISC_LOG_WARNING,
-		   "Failed to create fetch for DNSKEY update");
 
 	if (!DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING)) {
 		/* Don't really retry if we are exiting */