Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Log domain when reporting DNSSEC validation failure.

Browse Source
This commit is contained in:
Simon Kelley
2015-04-17 22:50:20 +01:00
parent 0df29f5e23
commit 554b580e97
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/forward.c
View File

@@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now)
header->hb3 |= HB3_TC; header->hb3 |= HB3_TC;
else else
{ {
char *result; char *result, *domain = "result";
if (forward->work_counter == 0) if (forward->work_counter == 0)
{ {
@@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now)
else else
result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
domain = daemon->namebuff;
log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
} }
if (status == STAT_SECURE) if (status == STAT_SECURE)
@@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now,
{ {
int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount); int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount);
char *result; char *result, *domain = "result";
if (status == STAT_INSECURE_DS) if (status == STAT_INSECURE_DS)
{ {
@@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now,
} }
else else
result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS"));
if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
domain = daemon->namebuff;
log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
if (status == STAT_BOGUS) if (status == STAT_BOGUS)
{ {