git.ipfire.org Git - thirdparty/bind9.git/commit

author	Mark Andrews <marka@isc.org>
	Wed, 29 May 2024 05:04:37 +0000 (15:04 +1000)
committer	Mark Andrews <marka@isc.org>
	Tue, 22 Oct 2024 21:35:08 +0000 (08:35 +1100)
commit	b7a13cf2c1934fa123c63d14a5d9695f36110040
tree	8db79b5eb98419f0a6936170b63ce250342a0e03	tree \| snapshot
parent	d282e5a66ec8b69b81b715e3f68bcb881cc06ad9	commit \| diff

Add per rule logging of dns_ssutable_checkrules processing

These are logged to the update category at debug level 99 and
have the following form.

    update-policy: using: signer=ddns-key.example.nil, name=updated.example.nil, addr=10.53.0.1, tcp=0, type=A, target=
    update-policy: trying: grant zonesub-key.example.nil zonesub TXT
    update-policy: next rule: signer does not match identity
    update-policy: trying: grant ddns-key.example.nil zonesub ANY
    update-policy: matched: grant ddns-key.example.nil zonesub ANY

or

    update-policy: using: signer=restricted.example.nil, name=example.nil, addr=10.53.0.1, tcp=0, type=TXT, target=
    update-policy: trying: grant zonesub-key.example.nil zonesub TXT
    update-policy: next rule: signer does not match identity
    update-policy: trying: grant ddns-key.example.nil zonesub ANY
    update-policy: next rule: signer does not match identity
    update-policy: trying: grant restricted.example.nil zonesub ANY
    update-policy: next rule: name/subdomain mismatch
    update-policy: no match found

where 'using:' is the calling parameters of dns_ssutable_checkrules,
'trying:' in the rule bing evaluated, "next rule:" is the reason
the rule does not match, "matched:" repeats the matched rule, and
no match found is reported when te set of rules is exhausted.

bin/named/zoneconf.c		diff \| blob \| blame \| history
lib/dns/include/dns/ssu.h		diff \| blob \| blame \| history
lib/dns/ssu.c		diff \| blob \| blame \| history