Hey Simon,

On Tue, 2021-08-31 at 21:09 +0100, Simon Kelley wrote:
> I've tagged 2.86rc2. I've systematically tested the affected code,
> and we're dog-fooding it now. It would be good to get as much other
> testing in as possible before the 2.86.

We have automated CI testing putting a lot of queries (and different
query types) through it and nothing unexpected happened.
We've added the patch into our beta testing so we have at least a few
dozen additional testers of the new code on our side, too.

I've seen two minor things but this is really nit-picky:

> dig TYPE65 https.dns.netmeister.org

leads to

> reply https.dns.netmeister.org is type=65

whereas I'd consider

> reply https.dns.netmeister.org is [type=65]

slightly more elegant because it is the type of the reply, not the
content. The necessary change would be querystr(NULL, aqtype) ->
querystr("", aqtype) in the "else" branch of "if (aqtype == T_TXT)" but
that's entirely your call.

Also, DNSSEC signed TXT records were not logged as such with
log-queries=extra. print_txt() needs secflag for this. Patch attached.

I'll report back if anything odd comes up. Silence will be a good
thing.

Best,
Dominik
From 9f9e0ca1f0458d2bce3b3d364ded1694996cd465 Mon Sep 17 00:00:00 2001
From: Dominik DL6ER <dl...@dl6er.de>
Date: Wed, 1 Sep 2021 13:37:55 +0200
Subject: [PATCH] Print "(DNSSEC signed)" for signed TXT records when
 log-queries=extra.

Signed-off-by: Dominik DL6ER <dl...@dl6er.de>
---
 src/rfc1035.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/rfc1035.c b/src/rfc1035.c
index bf8c163..7f05be7 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -503,7 +503,7 @@ static int find_soa(struct dns_header *header, size_t qlen, int *doctored)
 
 /* Print TXT reply to log */
 static int print_txt(struct dns_header *header, const size_t qlen, char *name,
-		     unsigned char *p, const int ardlen)
+		     unsigned char *p, const int ardlen, int secflag)
 {
   unsigned char *p1 = p;
   if (!CHECK_LEN(header, p1, qlen, ardlen))
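Review bot: the new `int secflag` parameter in the print_txt() signature is undocumented and, unlike `const size_t qlen` and `const int ardlen` beside it, is not const-qualified. Consider extending the "Print TXT reply to log" comment to say that secflag is OR'ed into the log_query() flags, and declaring it `const int secflag` for consistency with the other value parameters.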
@@ -526,7 +526,7 @@ static int print_txt(struct dns_header *header, const size_t qlen, char *name,
 	}
 
       *p3 = 0;
-      log_query(F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1);
+      log_query(secflag | F_FORWARD | F_UPSTREAM, name, NULL, (char*)p1);
       /* restore */
       memmove(p1 + 1, p1, i);
       *p1 = len;
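Review bot: in the log_query() call, secflag is OR'ed straight into the flag word, so it has to be either 0 or a valid log flag bit, never a plain truth value. The only caller in this patch passes a local named secflag from extract_addresses(), whose definition lies outside the diff, while that function's parameter list also carries `int secure`. It is worth confirming that secflag holds the flag mask and not the boolean, since a value of 1 would set whichever flag occupies bit 0 instead of marking the reply as signed.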
@@ -544,7 +544,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		      int secure, int *doctored)
 {
   unsigned char *p, *p1, *endrr, *namep;
-  int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
+  int j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
   unsigned long ttl = 0;
   union all_addr addr;
 #ifdef HAVE_IPSET
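Review bot: dropping `i` from the declaration list in extract_addresses() is unrelated to the subject line and is not mentioned in the commit message. If this is cleanup of a variable that is no longer used in the function, a short line in the message saying so (or a separate commit) would make the history easier to follow.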
@@ -865,7 +865,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	      
 	      if (aqtype == T_TXT)
 		{
-		  if (!print_txt(header, qlen, name, p1, ardlen))
+		  if (!print_txt(header, qlen, name, p1, ardlen, secflag))
 		    return 0;
 		}
 	      else
-- 
2.25.1

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
