From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Oct 2017 14:53:32 +0000 (+0200)
Subject: resolved: include DNS server feature level info in SIGUSR1 status dump
X-Git-Tag: v235~7^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cf84484a56bb03043569445f2df7afd4d7aa3fb0;p=thirdparty%2Fsystemd.git

resolved: include DNS server feature level info in SIGUSR1 status dump

let's make the status dump more useful for tracking down server issues.
---

diff --git a/NEWS b/NEWS
index bc1a77bf122..fdd0b880770 100644
--- a/NEWS
+++ b/NEWS
@@ -213,7 +213,12 @@ CHANGES WITH 235:
           switch. When invoked like this systemd-resolved will forget
           everything it learnt about the features supported by the configured
           upstream DNS servers, and restarts the feature probing logic on the
-          next resolver look-up for them at the highest feature level again.
+          next resolver look-up for them at the highest feature level
+          again.
+
+        * The status dump systemd-resolved sends to the logs upon receiving
+          SIGUSR1 now also includes information about all DNS servers it is
+          configured to use, and the features levels it probed for them.
 
         Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
         Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
index 1ad9500d78b..d07d1968b4d 100644
--- a/man/systemd-resolved.service.xml
+++ b/man/systemd-resolved.service.xml
@@ -203,8 +203,9 @@
         <term><constant>SIGUSR1</constant></term>
 
         <listitem><para>Upon reception of the <constant>SIGUSR1</constant> process signal
-        <command>systemd-resolved</command> will dump the contents of all DNS resource record caches it maintains into
-        the system logs.</para></listitem>
+        <command>systemd-resolved</command> will dump the contents of all DNS resource record caches it maintains, as
+        well as all feature level information it learnt about configured DNS servers into the system
+        logs.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c
index f0822d1f72c..1b61dea626d 100644
--- a/src/resolve/resolved-dns-server.c
+++ b/src/resolve/resolved-dns-server.c
@@ -853,6 +853,57 @@ void dns_server_reset_features_all(DnsServer *s) {
                 dns_server_reset_features(i);
 }
 
+void dns_server_dump(DnsServer *s, FILE *f) {
+        assert(s);
+
+        if (!f)
+                f = stdout;
+
+        fputs("[Server ", f);
+        fputs(dns_server_string(s), f);
+        fputs(" type=", f);
+        fputs(dns_server_type_to_string(s->type), f);
+
+        if (s->type == DNS_SERVER_LINK) {
+                assert(s->link);
+
+                fputs(" interface=", f);
+                fputs(s->link->name, f);
+        }
+
+        fputs("]\n", f);
+
+        fputs("\tVerified feature level: ", f);
+        fputs(strna(dns_server_feature_level_to_string(s->verified_feature_level)), f);
+        fputc('\n', f);
+
+        fputs("\tPossible feature level: ", f);
+        fputs(strna(dns_server_feature_level_to_string(s->possible_feature_level)), f);
+        fputc('\n', f);
+
+        fputs("\tDNSSEC Mode: ", f);
+        fputs(strna(dnssec_mode_to_string(dns_server_get_dnssec_mode(s))), f);
+        fputc('\n', f);
+
+        fputs("\tCan do DNSSEC: ", f);
+        fputs(yes_no(dns_server_dnssec_supported(s)), f);
+        fputc('\n', f);
+
+        fprintf(f,
+                "\tMaximum UDP packet size received: %zu\n"
+                "\tFailed UDP attempts: %u\n"
+                "\tFailed TCP attempts: %u\n"
+                "\tSeen truncated packet: %s\n"
+                "\tSeen OPT RR getting lost: %s\n"
+                "\tSeen RRSIG RR missing: %s\n",
+                s->received_udp_packet_max,
+                s->n_failed_udp,
+                s->n_failed_tcp,
+                yes_no(s->packet_truncated),
+                yes_no(s->packet_bad_opt),
+                yes_no(s->packet_rrsig_missing));
+}
+
 static const char* const dns_server_type_table[_DNS_SERVER_TYPE_MAX] = {
         [DNS_SERVER_SYSTEM] = "system",
         [DNS_SERVER_FALLBACK] = "fallback",
diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h
index a5a82f7b760..00edd47d9a7 100644
--- a/src/resolve/resolved-dns-server.h
+++ b/src/resolve/resolved-dns-server.h
@@ -154,3 +154,5 @@ void dns_server_flush_cache(DnsServer *s);
 
 void dns_server_reset_features(DnsServer *s);
 void dns_server_reset_features_all(DnsServer *s);
+
+void dns_server_dump(DnsServer *s, FILE *f);
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 50d32d37e9a..23c6731954b 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -519,8 +519,11 @@ static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si
         _cleanup_free_ char *buffer = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         Manager *m = userdata;
+        DnsServer *server;
         size_t size = 0;
         DnsScope *scope;
+        Iterator i;
+        Link *l;
 
         assert(s);
         assert(si);
@@ -533,6 +536,14 @@ static int manager_sigusr1(sd_event_source *s, const struct signalfd_siginfo *si
         LIST_FOREACH(scopes, scope, m->dns_scopes)
                 dns_scope_dump(scope, f);
 
+        LIST_FOREACH(servers, server, m->dns_servers)
+                dns_server_dump(server, f);
+        LIST_FOREACH(servers, server, m->fallback_dns_servers)
+                dns_server_dump(server, f);
+        HASHMAP_FOREACH(l, m->links, i)
+                LIST_FOREACH(servers, server, l->dns_servers)
+                        dns_server_dump(server, f);
+
         if (fflush_and_check(f) < 0)
                 return log_oom();