[master] log when update-policy local gets a key match from a remote host

4788. [cleanup] When using "update-policy local", log a warning when an update matching the session key is received from a remote host. [RT #46213] - this completes change #4762.
2025-08-31 06:25:31 +00:00 · 2017-10-25 00:58:00 -07:00
parent 910a01550a
commit aebdc6cd7d
5 changed files with 18 additions and 1 deletions
--- a/lib/dns/ssu.c
+++ b/lib/dns/ssu.c
@@ -425,12 +425,21 @@ dns_ssutable_checkrules2(dns_ssutable_t *table, const dns_name_t *signer,
 				continue;
 			}
 			if (!dns_name_issubdomain(name, rule->name)) {
-
 				continue;
 			}
 			dns_acl_match(addr, NULL, env->localhost,
 				      NULL, &match, NULL);
 			if (match == 0) {
+				if (signer != NULL) {
+					isc_log_write(dns_lctx,
+						      DNS_LOGCATEGORY_GENERAL,
+						      DNS_LOGMODULE_SSU,
+						      ISC_LOG_WARNING,
+						      "update-policy local: "
+						      "match on session "
+						      "key not from "
+						      "localhost");
+				}
 				continue;
 			}
 			break;