diff options
author | Simon Kelley <simon@thekelleys.org.uk> | 2015-04-17 22:50:20 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2015-04-17 22:50:20 +0100 |
commit | 554b580e970275d5a869cb4fbfb2716f92b2f664 (patch) | |
tree | 013d8ae21e7d4aeab315927fda25bbefdec290b0 | |
parent | 0df29f5e23fd2f16181847db1fcf3a8b392d869a (diff) | |
download | dnsmasq-554b580e970275d5a869cb4fbfb2716f92b2f664.tar.gz |
Log domain when reporting DNSSEC validation failure.
-rw-r--r-- | src/forward.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/src/forward.c b/src/forward.c index 3f6b9a2..1c7da3f 100644 --- a/src/forward.c +++ b/src/forward.c @@ -1014,7 +1014,7 @@ void reply_query(int fd, int family, time_t now) header->hb3 |= HB3_TC; else { - char *result; + char *result, *domain = "result"; if (forward->work_counter == 0) { @@ -1024,7 +1024,10 @@ void reply_query(int fd, int family, time_t now) else result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); + if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL)) + domain = daemon->namebuff; + + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); } if (status == STAT_SECURE) @@ -1975,7 +1978,7 @@ unsigned char *tcp_request(int confd, time_t now, { int keycount = DNSSEC_WORK; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ int status = tcp_key_recurse(now, STAT_TRUNCATED, header, m, 0, daemon->namebuff, daemon->keyname, last_server, &keycount); - char *result; + char *result, *domain = "result"; if (status == STAT_INSECURE_DS) { @@ -1993,8 +1996,10 @@ unsigned char *tcp_request(int confd, time_t now, } else result = (status == STAT_SECURE ? "SECURE" : (status == STAT_INSECURE ? "INSECURE" : "BOGUS")); - - log_query(F_KEYTAG | F_SECSTAT, "result", NULL, result); + if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL)) + domain = daemon->namebuff; + + log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result); if (status == STAT_BOGUS) { |