From: Nick Rosbrook Date: Fri, 22 Aug 2025 15:34:17 +0000 (-0400) Subject: resolve: include DNSSEC and DNSOverTLS modes in dumps X-Git-Tag: v257.9~15 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=104355caed9664733e55f5426dcb8e546a9d080f;p=thirdparty%2Fsystemd.git resolve: include DNSSEC and DNSOverTLS modes in dumps This is useful for testing and debugging. E.g., one can examine the active DNSSEC mode of the scope using: $ resolvectl show-cache (cherry picked from commit 71da422058e1512636e0291f17e4d55f5413db5e) --- diff --git a/src/resolve/resolvectl.c b/src/resolve/resolvectl.c index 8b60d76139f..18bef7cd4f7 100644 --- a/src/resolve/resolvectl.c +++ b/src/resolve/resolvectl.c @@ -3107,6 +3107,8 @@ static int dump_cache_scope(sd_json_variant *scope) { int ifindex; const char *ifname; sd_json_variant *cache; + const char *dnssec_mode; + const char *dns_over_tls_mode; } scope_info = { .family = AF_UNSPEC, }; @@ -3114,11 +3116,13 @@ static int dump_cache_scope(sd_json_variant *scope) { int r, c = 0; static const sd_json_dispatch_field dispatch_table[] = { - { "protocol", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, protocol), SD_JSON_MANDATORY }, - { "family", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int, offsetof(struct scope_info, family), 0 }, - { "ifindex", _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex, offsetof(struct scope_info, ifindex), SD_JSON_RELAX }, - { "ifname", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, ifname), 0 }, - { "cache", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache), SD_JSON_MANDATORY }, + { "protocol", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, protocol), SD_JSON_MANDATORY }, + { "family", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_int, offsetof(struct scope_info, family), 0 }, + { "ifindex", _SD_JSON_VARIANT_TYPE_INVALID, json_dispatch_ifindex, offsetof(struct scope_info, ifindex), SD_JSON_RELAX }, + { "ifname", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, ifname), 0 }, + { "cache", SD_JSON_VARIANT_ARRAY, sd_json_dispatch_variant_noref, offsetof(struct scope_info, cache), SD_JSON_MANDATORY }, + { "dnssec", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, dnssec_mode), 0 }, + { "dnsOverTLS", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct scope_info, dns_over_tls_mode), 0 }, {}, }; @@ -3136,6 +3140,13 @@ static int dump_cache_scope(sd_json_variant *scope) { if (scope_info.ifname) printf(" ifname=%s", scope_info.ifname); + if (dns_protocol_from_string(scope_info.protocol) == DNS_PROTOCOL_DNS) { + if (scope_info.dnssec_mode) + printf(" DNSSEC=%s", scope_info.dnssec_mode); + if (scope_info.dns_over_tls_mode) + printf(" DNSOverTLS=%s", scope_info.dns_over_tls_mode); + } + printf("%s\n", ansi_normal()); JSON_VARIANT_ARRAY_FOREACH(i, scope_info.cache) { diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c index 3f137468cce..5419e7a6e9b 100644 --- a/src/resolve/resolved-dns-scope.c +++ b/src/resolve/resolved-dns-scope.c @@ -1375,6 +1375,14 @@ void dns_scope_dump(DnsScope *s, FILE *f) { fputs(af_to_name(s->family), f); } + if (s->protocol == DNS_PROTOCOL_DNS) { + fputs(" DNSSEC=", f); + fputs(dnssec_mode_to_string(s->dnssec_mode), f); + + fputs(" DNSOverTLS=", f); + fputs(dns_over_tls_mode_to_string(s->dns_over_tls_mode), f); + } + fputs("]\n", f); if (!dns_zone_is_empty(&s->zone)) { @@ -1737,7 +1745,13 @@ int dns_scope_dump_cache_to_json(DnsScope *scope, sd_json_variant **ret) { SD_JSON_BUILD_PAIR_CONDITION(scope->family != AF_UNSPEC, "family", SD_JSON_BUILD_INTEGER(scope->family)), SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifindex", SD_JSON_BUILD_INTEGER(dns_scope_ifindex(scope))), SD_JSON_BUILD_PAIR_CONDITION(!!scope->link, "ifname", SD_JSON_BUILD_STRING(dns_scope_ifname(scope))), - SD_JSON_BUILD_PAIR_VARIANT("cache", cache)); + SD_JSON_BUILD_PAIR_VARIANT("cache", cache), + SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS, + "dnssec", + SD_JSON_BUILD_STRING(dnssec_mode_to_string(scope->dnssec_mode))), + SD_JSON_BUILD_PAIR_CONDITION(scope->protocol == DNS_PROTOCOL_DNS, + "dnsOverTLS", + SD_JSON_BUILD_STRING(dns_over_tls_mode_to_string(scope->dns_over_tls_mode)))); } int dns_type_suitable_for_protocol(uint16_t type, DnsProtocol protocol) { diff --git a/src/shared/varlink-io.systemd.Resolve.Monitor.c b/src/shared/varlink-io.systemd.Resolve.Monitor.c index bc8907ddbe0..cefafb14690 100644 --- a/src/shared/varlink-io.systemd.Resolve.Monitor.c +++ b/src/shared/varlink-io.systemd.Resolve.Monitor.c @@ -48,7 +48,9 @@ static SD_VARLINK_DEFINE_STRUCT_TYPE( SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, SD_VARLINK_NULLABLE), SD_VARLINK_DEFINE_FIELD(ifindex, SD_VARLINK_INT, SD_VARLINK_NULLABLE), SD_VARLINK_DEFINE_FIELD(ifname, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), - SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY)); + SD_VARLINK_DEFINE_FIELD_BY_TYPE(cache, CacheEntry, SD_VARLINK_ARRAY), + SD_VARLINK_DEFINE_FIELD(dnssec, SD_VARLINK_STRING, SD_VARLINK_NULLABLE), + SD_VARLINK_DEFINE_FIELD(dnsOverTLS, SD_VARLINK_STRING, SD_VARLINK_NULLABLE)); static SD_VARLINK_DEFINE_METHOD( DumpCache,