diff options
author | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2019-05-11 16:17:45 +0100 |
---|---|---|
committer | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2019-07-25 12:29:08 +0100 |
commit | cd91f2327ffb06a41129a35ae7be1e7923a78d74 (patch) | |
tree | 0cc7645745e65f49e43f4c30ff40988070b65d03 /package/network | |
parent | e9eec39aacde450ba87598d85987b374ce6aed95 (diff) | |
download | upstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.tar.gz upstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.tar.bz2 upstream-cd91f2327ffb06a41129a35ae7be1e7923a78d74.zip |
dnsmasq: improve insecure DS warning
Log the failing domain in the insecure DS warning.
Patch has been sent upstream.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network')
-rw-r--r-- | package/network/services/dnsmasq/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index dc20ada292..ad95ccd65d 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_UPSTREAM_VERSION:=2.80 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=14 +PKG_RELEASE:=16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch new file mode 100644 index 0000000000..e3ef604918 --- /dev/null +++ b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch @@ -0,0 +1,27 @@ +From a1030c159e28bbfa966799e7b9a86081398d6352 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> +Date: Sat, 11 May 2019 16:04:56 +0100 +Subject: [PATCH] dnssec: add hostname info to insecure DS warning + +Make the existing "insecure DS received" warning more informative by +reporting the domain name reporting the issue. + +This may help identify a problem with a specific domain or server +configuration. + +Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> +--- + src/dnssec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struc + + if (rc == STAT_INSECURE) + { +- my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?")); ++ my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name); + rc = STAT_BOGUS; + } + |