On 11/05/2019 18:05, Kevin Darbyshire-Bryant wrote:
> From: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk>
>
> Make the existing "insecure DS received" warning more informative by
> reporting the domain name reporting the issue.
>
> This may help identify a problem with a specific domain or server
> configuration.
>
> Signed-off-by: Kevin Darbyshire-Bryant <l...@darbyshire-bryant.me.uk>
> ---
> src/dnssec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/dnssec.c b/src/dnssec.c
> index 9bf43a2..5e0686c 100644
> --- a/src/dnssec.c
> +++ b/src/dnssec.c
> @@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struct dns_header
> *header, size_t plen, char
>
> if (rc == STAT_INSECURE)
> {
> - my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS
> servers support DNSSEC?"));
> + my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check
> domain configuration and upstream DNS server DNSSEC support"), name);
> rc = STAT_BOGUS;
> }
>
>
Patch applied..... eventually!
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
