From f61dfddbff4c826bfcbca7b413674770546fa527 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 24 Dec 2015 00:24:10 +0100 Subject: resolved: log each dnssec failure, in a recognizable way --- src/resolve/resolved-dns-transaction.c | 8 ++++++++ src/systemd/sd-messages.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index af6f28ea0f..f138d55ad8 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -226,6 +226,14 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { assert(t); assert(!DNS_TRANSACTION_IS_LIVE(state)); + if (state == DNS_TRANSACTION_DNSSEC_FAILED) + log_struct(LOG_NOTICE, + LOG_MESSAGE("DNSSEC validation failed for question %s: %s", dns_transaction_key_string(t), dnssec_result_to_string(t->answer_dnssec_result)), + "DNS_TRANSACTION=%" PRIu16, t->id, + "DNS_QUESTION=%s", dns_transaction_key_string(t), + "DNSSEC_RESULT=%s", dnssec_result_to_string(t->answer_dnssec_result), + NULL); + /* Note that this call might invalidate the query. Callers * should hence not attempt to access the query or transaction * after calling this function. */ diff --git a/src/systemd/sd-messages.h b/src/systemd/sd-messages.h index 072832a916..bc658f62b0 100644 --- a/src/systemd/sd-messages.h +++ b/src/systemd/sd-messages.h @@ -86,6 +86,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_MESSAGE_BOOTCHART SD_ID128_MAKE(9f,26,aa,56,2c,f4,40,c2,b1,6c,77,3d,04,79,b5,18) +#define SD_MESSAGE_DNSSEC_FAILURE SD_ID128_MAKE(16,75,d7,f1,72,17,40,98,b1,10,8b,f8,c7,dc,8f,5d) + _SD_END_DECLARATIONS; #endif -- cgit v1.2.3-54-g00ecf