mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

Don't log NSDNAME failures as NSIP (#45052)

Browse Source
This commit is contained in:
Mukund Sivaraman
2017-06-12 14:01:40 +05:30
parent 255f5ba5b2
commit 2c11da8441
2 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
4635. [bug] Fix RPZ NSDNAME logging that was logging
failures as NSIP. [RT #45052]
4634. [contrib] check5011.pl needs to handle optional space before 4634. [contrib] check5011.pl needs to handle optional space before
semi-colon in +multi-line output. [RT #45352] semi-colon in +multi-line output. [RT #45352]

35
bin/named/query.c
View File

@@ -1264,12 +1264,16 @@ rpz_log_rewrite(ns_client_t *client, isc_boolean_t disabled,
} }
static void static void
rpz_log_fail(ns_client_t *client, int level, dns_name_t *p_name, rpz_log_fail_helper(ns_client_t *client, int level, dns_name_t *p_name,
dns_rpz_type_t rpz_type, const char *str, isc_result_t result) dns_rpz_type_t rpz_type1, dns_rpz_type_t rpz_type2,
const char *str, isc_result_t result)
{ {
char qnamebuf[DNS_NAME_FORMATSIZE]; char qnamebuf[DNS_NAME_FORMATSIZE];
char p_namebuf[DNS_NAME_FORMATSIZE]; char p_namebuf[DNS_NAME_FORMATSIZE];
const char *failed; const char *failed;
const char *slash;
const char *rpztypestr1;
const char *rpztypestr2;
if (!isc_log_wouldlog(ns_g_lctx, level)) if (!isc_log_wouldlog(ns_g_lctx, level))
return; return;
@@ -1281,16 +1285,34 @@ rpz_log_fail(ns_client_t *client, int level, dns_name_t *p_name,
failed = "failed: "; failed = "failed: ";
else else
failed = ": "; failed = ": ";
rpztypestr1 = dns_rpz_type2str(rpz_type1);
if (rpz_type2 != DNS_RPZ_TYPE_BAD) {
slash = "/";
rpztypestr2 = dns_rpz_type2str(rpz_type2);
} else {
slash = "";
rpztypestr2 = "";
}
dns_name_format(client->query.qname, qnamebuf, sizeof(qnamebuf)); dns_name_format(client->query.qname, qnamebuf, sizeof(qnamebuf));
dns_name_format(p_name, p_namebuf, sizeof(p_namebuf)); dns_name_format(p_name, p_namebuf, sizeof(p_namebuf));
ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS,
NS_LOGMODULE_QUERY, level, NS_LOGMODULE_QUERY, level,
"rpz %s rewrite %s via %s%s%s%s", "rpz %s%s%s rewrite %s via %s%s%s%s",
dns_rpz_type2str(rpz_type), rpztypestr1, slash, rpztypestr2,
qnamebuf, p_namebuf, qnamebuf, p_namebuf,
str, failed, isc_result_totext(result)); str, failed, isc_result_totext(result));
} }
static void
rpz_log_fail(ns_client_t *client, int level, dns_name_t *p_name,
dns_rpz_type_t rpz_type, const char *str, isc_result_t result)
{
rpz_log_fail_helper(client, level, p_name,
rpz_type, DNS_RPZ_TYPE_BAD, str, result);
}
/* /*
* Get a policy rewrite zone database. * Get a policy rewrite zone database.
*/ */
@@ -3469,8 +3491,9 @@ rpz_rewrite_ns_skip(ns_client_t *client, dns_name_t *nsname,
st = client->query.rpz_st; st = client->query.rpz_st;
if (str != NULL) if (str != NULL)
rpz_log_fail(client, level, nsname, DNS_RPZ_TYPE_NSIP, rpz_log_fail_helper(client, level, nsname,
str, result); DNS_RPZ_TYPE_NSIP, DNS_RPZ_TYPE_NSDNAME,
str, result);
if (st->r.ns_rdataset != NULL && if (st->r.ns_rdataset != NULL &&
dns_rdataset_isassociated(st->r.ns_rdataset)) dns_rdataset_isassociated(st->r.ns_rdataset))
dns_rdataset_disassociate(st->r.ns_rdataset); dns_rdataset_disassociate(st->r.ns_rdataset);