mirror of https://github.com/hak5/openwrt.git
dnsmasq: improve insecure DS warning
Log the failing domain in the insecure DS warning. Patch has been sent upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>master
parent
e9eec39aac
commit
cd91f2327f
|
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
|
|||
PKG_NAME:=dnsmasq
|
||||
PKG_UPSTREAM_VERSION:=2.80
|
||||
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
|
||||
PKG_RELEASE:=14
|
||||
PKG_RELEASE:=16
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
From a1030c159e28bbfa966799e7b9a86081398d6352 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
Date: Sat, 11 May 2019 16:04:56 +0100
|
||||
Subject: [PATCH] dnssec: add hostname info to insecure DS warning
|
||||
|
||||
Make the existing "insecure DS received" warning more informative by
|
||||
reporting the domain name reporting the issue.
|
||||
|
||||
This may help identify a problem with a specific domain or server
|
||||
configuration.
|
||||
|
||||
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
||||
---
|
||||
src/dnssec.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/dnssec.c
|
||||
+++ b/src/dnssec.c
|
||||
@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struc
|
||||
|
||||
if (rc == STAT_INSECURE)
|
||||
{
|
||||
- my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
|
||||
+ my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
|
||||
rc = STAT_BOGUS;
|
||||
}
|
||||
|
Loading…
Reference in New Issue