resolved: log each dnssec failure, in a recognizable way

2015-12-24 00:24:10 +01:00 · 2015-12-24 00:24:10 +01:00 · f61dfddbff
parent a150ff5e4e
commit f61dfddbff
2 changed files with 10 additions and 0 deletions
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@ -226,6 +226,14 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) {
        assert(t);
        assert(!DNS_TRANSACTION_IS_LIVE(state));

+        if (state == DNS_TRANSACTION_DNSSEC_FAILED)
+                log_struct(LOG_NOTICE,
+                           LOG_MESSAGE("DNSSEC validation failed for question %s: %s", dns_transaction_key_string(t), dnssec_result_to_string(t->answer_dnssec_result)),
+                           "DNS_TRANSACTION=%" PRIu16, t->id,
+                           "DNS_QUESTION=%s", dns_transaction_key_string(t),
+                           "DNSSEC_RESULT=%s", dnssec_result_to_string(t->answer_dnssec_result),
+                           NULL);
+
        /* Note that this call might invalidate the query. Callers
         * should hence not attempt to access the query or transaction
         * after calling this function. */
--- a/src/systemd/sd-messages.h
+++ b/src/systemd/sd-messages.h
@ -86,6 +86,8 @@ _SD_BEGIN_DECLARATIONS;

 #define SD_MESSAGE_BOOTCHART        SD_ID128_MAKE(9f,26,aa,56,2c,f4,40,c2,b1,6c,77,3d,04,79,b5,18)

+#define SD_MESSAGE_DNSSEC_FAILURE   SD_ID128_MAKE(16,75,d7,f1,72,17,40,98,b1,10,8b,f8,c7,dc,8f,5d)
+
 _SD_END_DECLARATIONS;

 #endif