aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/dnsmasq/patches
diff options
context:
space:
mode:
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2019-05-11 16:17:45 +0100
committerKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>2019-07-25 12:29:08 +0100
commitcd91f2327ffb06a41129a35ae7be1e7923a78d74 (patch)
tree0cc7645745e65f49e43f4c30ff40988070b65d03 /package/network/services/dnsmasq/patches
parente9eec39aacde450ba87598d85987b374ce6aed95 (diff)
downloadupstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.tar.gz
upstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.tar.bz2
upstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.zip
dnsmasq: improve insecure DS warning
Log the failing domain in the insecure DS warning. Patch has been sent upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network/services/dnsmasq/patches')
-rw-r--r--package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch
new file mode 100644
index 0000000000..e3ef604918
--- /dev/null
+++ b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch
@@ -0,0 +1,27 @@
+From a1030c159e28bbfa966799e7b9a86081398d6352 Mon Sep 17 00:00:00 2001
+From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+Date: Sat, 11 May 2019 16:04:56 +0100
+Subject: [PATCH] dnssec: add hostname info to insecure DS warning
+
+Make the existing "insecure DS received" warning more informative by
+reporting the domain name reporting the issue.
+
+This may help identify a problem with a specific domain or server
+configuration.
+
+Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+---
+ src/dnssec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/dnssec.c
++++ b/src/dnssec.c
+@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struc
+
+ if (rc == STAT_INSECURE)
+ {
+- my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
++ my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name);
+ rc = STAT_BOGUS;
+ }
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-09 19:29:09 +0000