From 6fa0b9aba6b59b46c6e39ff26ce7ba3d2bb3da23 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Thu, 6 Aug 2020 18:18:30 +0200
Subject: [PATCH] validate: improve precision of one "going insecure" log

The line was being logged a bit prematurely when the validator isn't really going insecure yet. This solves (some of?) those cases.
---
 lib/layer/validate.c | 1 -
 lib/resolve.c | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/layer/validate.c b/lib/layer/validate.c
index 0c44f1bcc..cbbc0738a 100644
--- a/lib/layer/validate.c
+++ b/lib/layer/validate.c
@@ -481,7 +481,6 @@ static int update_delegation(struct kr_request *req, struct kr_query *qry, knot_
 VERBOSE_MSG(qry, "<= bogus proof of DS non-existence\n");
 qry->flags.DNSSEC_BOGUS = true;
 } else if (proved_name[0] != '\0') { /* don't go to insecure for . DS */
- VERBOSE_MSG(qry, "<= DS doesn't exist, going insecure\n");
 qry->flags.DNSSEC_NODS = true;
 /* Rank the corresponding nonauth NS as insecure. */
 for (int i = 0; i < req->auth_selected.len; ++i) {
diff --git a/lib/resolve.c b/lib/resolve.c
index 4f5ea0742..7b2eceb99 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -1200,6 +1200,7 @@ static int trust_chain_check(struct kr_request *request, struct kr_query *qry)
 if (qry->flags.DNSSEC_NODS) {
 /* This is the next query iteration with minimized qname.
 * At previous iteration DS non-existance has been proven */
+ VERBOSE_MSG(qry, "<= DS doesn't exist, going insecure\n");
 qry->flags.DNSSEC_NODS = false;
 qry->flags.DNSSEC_WANT = false;
 qry->flags.DNSSEC_INSECURE = true;
-- 
2.47.2
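Review bot: The `VERBOSE_MSG` added in the `DNSSEC_NODS` branch of `trust_chain_check` (lib/resolve.c hunk) does not name the zone for which validation is being dropped, although this is the exact point where `DNSSEC_WANT` is cleared and `DNSSEC_INSECURE` is set. Someone reading a verbose trace to confirm that an insecure delegation is legitimate has to correlate this line with the earlier DS-denial proof logged from validate.c, which is harder now that the two are in different iterations. Consider adding the owner name to the message, for example the query's zone cut if that is the cut the proof applied to (not determinable from this hunk). The flag's producer is also no longer obvious from this file, so a comment such as `/* DNSSEC_NODS is set by update_delegation() in lib/layer/validate.c once DS non-existence is proven. */` above the log call would help. The body of `trust_chain_check` continues outside the hunk.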