From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 24 Jun 2021 14:26:06 +0000 (+0200)
Subject: Add checkds log notice
X-Git-Tag: v9.17.16~8^2~6
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=1a505549635444dfc3afed636803c7d7af05773e;p=thirdparty%2Fbind9.git

Add checkds log notice

When the checkds published/withdrawn is activated, log a notice. Can
be used for testing, but also operationally useful.
---

diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 1d47da8c332..b0a6f96c8f7 100644
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -2245,6 +2245,19 @@ keymgr_checkds(dns_kasp_t *kasp, dns_dnsseckeylist_t *keyring,
 		dst_key_settime(ksk_key->key, DST_TIME_DSDELETE, when);
 	}
 
+	if (isc_log_wouldlog(dns_lctx, ISC_LOG_NOTICE)) {
+		char keystr[DST_KEY_FORMATSIZE];
+		char timestr[26]; /* Minimal buf as per ctime_r() spec. */
+
+		dst_key_format(ksk_key->key, keystr, sizeof(keystr));
+		isc_stdtime_tostring(when, timestr, sizeof(timestr));
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
+			      DNS_LOGMODULE_DNSSEC, ISC_LOG_NOTICE,
+			      "keymgr: checkds DS for key %s seen %s at %s",
+			      keystr, dspublish ? "published" : "withdrawn",
+			      timestr);
+	}
+
 	/* Store key state and update hints. */
 	isc_dir_init(&dir);
 	if (directory == NULL) {