From: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk>

Make the existing "insecure DS received" warning more informative by
reporting the domain name reporting the issue.

This may help identify a problem with a specific domain or server
configuration.

Signed-off-by: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk>
---
 src/dnssec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 9bf43a2..5e0686c 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struct dns_header 
*header, size_t plen, char
   
   if (rc == STAT_INSECURE)
     {
-      my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS 
servers support DNSSEC?"));
+      my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check 
domain configuration and upstream DNS server DNSSEC support"), name);
       rc = STAT_BOGUS;
     }
   
-- 
2.20.1 (Apple Git-117)

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to