[Dnsmasq-discuss] [PATCH] dnssec: add hostname info to insecure DS warning
Simon Kelley
simon at thekelleys.org.uk
Tue Feb 11 21:34:03 GMT 2020
On 11/05/2019 18:05, Kevin Darbyshire-Bryant wrote:
> From: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
>
> Make the existing "insecure DS received" warning more informative by
> reporting the domain name reporting the issue.
>
> This may help identify a problem with a specific domain or server
> configuration.
>
> Signed-off-by: Kevin Darbyshire-Bryant <ldir at darbyshire-bryant.me.uk>
> ---
> src/dnssec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/dnssec.c b/src/dnssec.c
> index 9bf43a2..5e0686c 100644
> --- a/src/dnssec.c
> +++ b/src/dnssec.c
> @@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char
>
> if (rc == STAT_INSECURE)
> {
> - my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
> + my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
> rc = STAT_BOGUS;
> }
>
>
Patch applied..... eventually!
Simon.
More information about the Dnsmasq-discuss
mailing list