diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-01-10 03:34:44 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-01-10 18:10:32 +0100 |
| commit | a72cf22d065630da74cf8aee12d8a2a23fcfefb6 (patch) | |
| tree | c9e619f75d8aa1ca4febe1b501d432c6b206b1ac /src/resolve/resolved-dns-transaction.c | |
| parent | resolvectl: use JSON_ALLOW_EXTENSIONS (diff) | |
| download | systemd-a72cf22d065630da74cf8aee12d8a2a23fcfefb6.tar.xz systemd-a72cf22d065630da74cf8aee12d8a2a23fcfefb6.zip | |
resolve: introduce DNSSEC_UPSTREAM_FAILURE
and include EDE code and message in the error messages.
This replaces 9ca133e97a0c8795b1f293ccea4965b4ad1accc4, and implements
originally suggested at
https://github.com/systemd/systemd/pull/30513#discussion_r1433823737
Diffstat (limited to 'src/resolve/resolved-dns-transaction.c')
| -rw-r--r-- | src/resolve/resolved-dns-transaction.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index aabaa12944..4ec58dc1c8 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -888,8 +888,21 @@ static int dns_transaction_dnssec_ready(DnsTransaction *t) { /* We handle DNSSEC failures different from other errors, as we care about the DNSSEC * validation result */ - log_debug("Auxiliary DNSSEC RR query failed validation: %s", dnssec_result_to_string(dt->answer_dnssec_result)); - t->answer_dnssec_result = dt->answer_dnssec_result; /* Copy error code over */ + log_debug("Auxiliary DNSSEC RR query failed validation: %s%s%s%s%s%s", + dnssec_result_to_string(dt->answer_dnssec_result), + dt->answer_ede_rcode >= 0 ? " (" : "", + dt->answer_ede_rcode >= 0 ? FORMAT_DNS_EDE_RCODE(dt->answer_ede_rcode) : "", + (dt->answer_ede_rcode >= 0 && !isempty(dt->answer_ede_msg)) ? ": " : "", + dt->answer_ede_rcode >= 0 ? strempty(dt->answer_ede_msg) : "", + dt->answer_ede_rcode >= 0 ? ")" : ""); + + /* Copy error code over */ + t->answer_dnssec_result = dt->answer_dnssec_result; + t->answer_ede_rcode = dt->answer_ede_rcode; + r = free_and_strdup(&t->answer_ede_msg, dt->answer_ede_msg); + if (r < 0) + log_oom_debug(); + dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED); return 0; @@ -1226,6 +1239,8 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt FORMAT_DNS_EDE_RCODE(t->answer_ede_rcode), isempty(t->answer_ede_msg) ? "" : ": ", strempty(t->answer_ede_msg)); + + t->answer_dnssec_result = DNSSEC_UPSTREAM_FAILURE; dns_transaction_complete(t, DNS_TRANSACTION_DNSSEC_FAILED); return; } |