Hey Simon,

On Tue, 2021-08-31 at 21:09 +0100, Simon Kelley wrote:
> I've tagged 2.86rc2. I've systematically tested the affected code,
> and we're dog-fooding it now. It would be good to get as much other
> testing in as possible before the 2.86.

We have automated CI testing putting a lot of queries (and different query types) through it and nothing unexpected happened. We've added the patch into our beta testing so we have at least a few dozen additional testers of the new code on our side, too.

I've seen two minor things but this is really nit-picky:

> dig TYPE65 https.dns.netmeister.org

leads to

> reply https.dns.netmeister.org is type=65

whereas I'd consider

> reply https.dns.netmeister.org is [type=65]

slightly more elegant because it is the type of the reply, not the content. The necessary change would be

querystr(NULL, aqtype) -> querystr("", aqtype)

in the "else" branch of "if (aqtype == T_TXT)" but that's entirely your call.

Also, DNSSEC signed TXT records were not logged as such with log-queries=extra. print_txt() needs secflag for this. Patch attached.

I'll report back if anything odd comes up. Silence will be a good thing.

Best,
Dominik

From 9f9e0ca1f0458d2bce3b3d364ded1694996cd465 Mon Sep 17 00:00:00 2001 From: Dominik DL6ER <dl...@dl6er.de> Date: Wed, 1 Sep 2021 13:37:55 +0200 Subject: [PATCH] Print "(DNSSEC signed)" for signed TXT records when log-queries=extra. Signed-off-by: Dominik DL6ER <dl...@dl6er.de> --- src/rfc1035.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/rfc1035.c b/src/rfc1035.c index bf8c163..7f05be7 100644 --- a/src/rfc1035.c +++ b/src/rfc1035.c @@ -503,7 +503,7 @@ static int find_soa(struct dns_header *header, size_t qlen, int *doctored) /* Print TXT reply to log */ static int print_txt(struct dns_header *header, const size_t qlen, char *name, - unsigned char *p, const int ardlen) + unsigned char *p, const int ardlen, int secflag) { unsigned char *p1 = p; if (!CHECK_LEN(header, p1, qlen, ardlen)) @@ -526,7 +526,7 @@ static int print_txt(struct dns_header *header, const size_t qlen, char *name, } *p3 = 0; - log_query(F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1); + log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1); /* restore */ memmove(p1 + 1, p1, i); *p1 = len; @@ -544,7 +544,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t int secure, int *doctored) { unsigned char *p, *p1, *endrr, *namep; - int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0; + int j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0; unsigned long ttl = 0; union all_addr addr; #ifdef HAVE_IPSET @@ -865,7 +865,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t if (aqtype == T_TXT) { - if (!print_txt(header, qlen, name, p1, ardlen)) + if (!print_txt(header, qlen, name, p1, ardlen, secflag)) return 0; } else -- 2.25.1
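
Review bot: in the print_txt() hunks, `secflag` is ORed straight into the flags given to log_query() and is passed in from extract_addresses() in the last hunk, but no visible line shows where it is set or which values it may take. A one-line comment on print_txt() saying the argument must be a log flag value or 0 would stop a later caller from passing the raw `int secure` instead, and the new parameter could be `const int secflag` to match `const int ardlen` beside it.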
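
Review bot: the hunk at @@ -544 drops `i` from the local declarations of extract_addresses(), which the subject line about printing "(DNSSEC signed)" for TXT records does not cover. Mention the unused-variable cleanup in the commit message or send it as its own patch, and confirm nothing else in extract_addresses() still uses `i`, since the rest of the function is outside the visible context.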
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss