Siddhesh Poyarekar - [PATCH] Silence resolver logging for DNAME records when DNSSEC is enable
This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
- From: Siddhesh Poyarekar
- To: libc-alpha at sourceware dot org
- Cc: carlos at redhat dot com
- Date: Fri, 20 Feb 2015 00:35:06 +0530
- Subject: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
- Authentication-results: sourceware.org; auth=none
DNAME records are a convenient way to set up RRSIG for an entire subtree of a domain name tree instead of signing each of those records. Querying on such domains results in messages about a mismatch in the query type and returned record type. This patch disables the logging of this message for DNAME records if the DO bit is set.
Tested on x86_64.
* resolv/gethnamaddr.c (getanswer): Don't log about record
type mismatch for DNAME if DNSSEC is requested.
* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
 resolv/gethnamaddr.c      | 14 +++++++++++---
 resolv/nss_dns/dns-host.c | 11 ++++++++---
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c index 9e0c498..ae55fac 100644 --- a/resolv/gethnamaddr.c +++ b/resolv/gethnamaddr.c @@ -349,10 +349,18 @@ getanswer (const querybuf answer, int anslen, const char qname, int qtype) continue; } if (type != qtype) { - syslog(LOG_NOTICE|LOG_AUTH, + / Skip logging if we received a DNAME when we have set + * the DO bit. DNAME records are a convenient way to + * set up DNSSEC records and such setups can make this + * log message needlessly noisy. + / + if ((_res.options & RES_USE_DNSSEC) == 0 + || type != T_DNAME) { + syslog(LOG_NOTICE|LOG_AUTH, "gethostby.getanswer: asked for "%s %s %s", got type "%s"", - qname, p_class(C_IN), p_type(qtype), - p_type(type)); + qname, p_class(C_IN), p_type(qtype), + p_type(type)); + } cp += n; continue; / XXX - had_error++ ? / } diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index b10c94e..510d388 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -844,9 +844,14 @@ getanswer_r (const querybuf answer, int anslen, const char qname, int qtype, have_to_map = 1; else if (__glibc_unlikely (type != qtype)) { - syslog (LOG_NOTICE | LOG_AUTH, - "gethostby.getanswer: asked for "%s %s %s", got type "%s"", - qname, p_class (C_IN), p_type (qtype), p_type (type)); + / Skip logging if we received a DNAME when we have set the DO bit. + DNAME records are a convenient way to set up DNSSEC records and + such setups can make this log message needlessly noisy. / + if ((_res.options & RES_USE_DNSSEC) == 0 || type != T_DNAME) + syslog (LOG_NOTICE | LOG_AUTH, + "gethostby.getanswer: asked for "%s %s %s", " + "got type "%s"", + qname, p_class (C_IN), p_type (qtype), p_type (type)); cp += n; continue; / XXX - had_error++ ? */ }
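Review bot: In the resolv/gethnamaddr.c hunk, the new test `(_res.options & RES_USE_DNSSEC) == 0 || type != T_DNAME` still logs a T_DNAME answer whenever RES_USE_DNSSEC is clear, and the added comment does not say why a DNAME would be unexpected in that case but expected once the DO bit is set. Either state that reasoning in the comment or drop the RES_USE_DNSSEC half so the skip depends only on `type != T_DNAME`. Separately, the format-string line is left as unchanged context while the syslog call and its argument lines move one level deeper, so it should be re-indented along with them.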
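Review bot: In the resolv/nss_dns/dns-host.c hunk, the condition and its comment in getanswer_r are a second copy of the ones added to getanswer in gethnamaddr.c; a small shared helper or macro that decides whether a type mismatch is worth logging would keep the two copies from drifting apart. The format string is also split here into two adjacent literals while gethnamaddr.c keeps it as one, so keeping the message in a single literal in both places would let it be found by searching the source for the logged text.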
2.1.0
- Follow-Ups:
  - Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
    - From: Carlos O'Donell
  - Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
    - From: Florian Weimer
  - Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled