dnsmasq: improve insecure DS warning
author Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Sat, 11 May 2019 15:17:45 +0000 (16:17 +0100)
committer Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Thu, 25 Jul 2019 11:29:08 +0000 (12:29 +0100)
Log the failing domain in the insecure DS warning.

Patch has been sent upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
package/network/services/dnsmasq/Makefile
package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch [new file with mode: 0644]

index dc20ada292ab8db9aadb406fc30a828c3bd8c8ba..ad95ccd65d435b65d02bf8b3f2321f900ad666ea 100644 (file)
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_UPSTREAM_VERSION:=2.80
 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=14
+PKG_RELEASE:=16
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
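Review bot: PKG_RELEASE goes from 14 to 16 here, skipping 15, although the commit adds only one patch file. If 15 was not taken by another change this was rebased over, bump to 15 instead. Otherwise, note the rebase in the commit message so the gap in release numbers is explained.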
diff --git a/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch
new file mode 100644 (file)
index 0000000..e3ef604
--- /dev/null
@@ -0,0 +1,27 @@
+From a1030c159e28bbfa966799e7b9a86081398d6352 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+Date: Sat, 11 May 2019 16:04:56 +0100
+Subject: [PATCH] dnssec: add hostname info to insecure DS warning
+
+Make the existing "insecure DS received" warning more informative by
+reporting the domain name reporting the issue.
+
+This may help identify a problem with a specific domain or server
+configuration.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnssec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struc
+   
+   if (rc == STAT_INSECURE)
+     {
+-      my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
++      my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
+       rc = STAT_BOGUS;
+     }
+
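Review bot: The new my_syslog call in the STAT_INSECURE branch passes `name` to a %s conversion, but the hunk does not show where `name` is filled in. Please confirm that at this point in dnssec_validate_ds it still holds the domain the DS reply was for and has not been reused as a scratch buffer. Since the value comes from DNS data and ends up in syslog, also confirm it is in printable, escaped form. Because the warning now varies per domain, say whether repeated insecure DS replies for many different names could flood the log. Finally, the string inside _() changes, so existing translations of the old message will no longer match and the catalogues need updating.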