From patchwork Fri Feb 20 10:13:03 2015
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 441902
Date: Fri, 20 Feb 2015 15:43:03 +0530
From: Siddhesh Poyarekar
To: Florian Weimer
Cc: libc-alpha@sourceware.org, carlos@redhat.com
Subject: Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
Message-ID: <20150220101303.GQ1594@spoyarek.pnq.redhat.com>
References: <20150219190506.GA20188@spoyarek.pnq.redhat.com> <54E6EC01.1060906@redhat.com>
In-Reply-To: <54E6EC01.1060906@redhat.com>

On Fri, Feb 20, 2015 at 09:10:41AM +0100, Florian Weimer wrote:
> Can we remove the logging altogether? Or at least for the
> RES_USE_DNSSEC case?
>
> The DO bit essentially means, “I'm fine with receiving unknown RR
> types”, it's not really related to DNSSEC. The reason for that is the
> fact that the DNSSEC protocol was changed twice (once for DNSSECbis,
> which is completely unrecognizable to the previous implementation, and
> once for NSEC3), and the flag was reused.
>
> So unless there is a compelling reason for logging this information,
> I'd say just remove it.

Thanks for the context. I wasn't sure about removing the logging
altogether, but if it is going to be such a pain for DNSSEC, we might
as well silence it. How is this then?

Siddhesh

	[BZ #14841]
	* resolv/gethnamaddr.c (getanswer): Skip logging if
	RES_USE_DNSSEC is set.
	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.

diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c index a861a84..0fe2ad9 100644 --- a/resolv/gethnamaddr.c +++ b/resolv/gethnamaddr.c
@@ -331,23 +331,16 @@ getanswer (const querybuf *answer, int anslen, const char *qname, int qtype) buflen -= n; continue; } - if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)) { - /* We don't support DNSSEC yet. For now, ignore - * the record and send a low priority message - * to syslog. - */ - syslog(LOG_DEBUG|LOG_AUTH, - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class(C_IN), p_type(qtype), - p_type(type)); - cp += n; - continue; - } if (type != qtype) { - syslog(LOG_NOTICE|LOG_AUTH, + /* Log a low priority message if we get an unexpected + * record, but skip it if we are using DNSSEC. + */ + if ((_res.options & RES_USE_DNSSEC) == 0) { + syslog(LOG_NOTICE|LOG_AUTH, "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class(C_IN), p_type(qtype), - p_type(type)); + qname, p_class(C_IN), p_type(qtype), + p_type(type)); + } cp += n; continue; /* XXX - had_error++ ? */ } diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c index f715ab0..5afc955 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c 
@@ -820,26 +820,18 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, linebuflen -= n; continue; } - if (__builtin_expect (type == T_SIG, 0) - || __builtin_expect (type == T_KEY, 0) - || __builtin_expect (type == T_NXT, 0)) - { - /* We don't support DNSSEC yet. For now, ignore the record - and send a low priority message to syslog. */ - syslog (LOG_DEBUG | LOG_AUTH, - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class (C_IN), p_type(qtype), p_type (type)); - cp += n; - continue; - } if (type == T_A && qtype == T_AAAA && map) have_to_map = 1; else if (__glibc_unlikely (type != qtype)) { - syslog (LOG_NOTICE | LOG_AUTH, - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class (C_IN), p_type (qtype), p_type (type)); + /* Log a low priority message if we get an unexpected record, but + skip it if we are using DNSSEC. */ + if ((_res.options & RES_USE_DNSSEC) == 0) + syslog (LOG_NOTICE | LOG_AUTH, + "gethostby*.getanswer: asked for \"%s %s %s\", " + "got type \"%s\"", + qname, p_class (C_IN), p_type (qtype), p_type (type)); cp += n; continue; /* XXX - had_error++ ? */ }
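
Review bot: in the resolv/gethnamaddr.c hunk, removing the T_SIG/T_KEY/T_NXT block raises the severity for those record types whenever RES_USE_DNSSEC is not set. They used to be logged at LOG_DEBUG|LOG_AUTH and now fall through to the `type != qtype` branch, which still logs at LOG_NOTICE|LOG_AUTH. The new comment calls this "a low priority message", which does not match LOG_NOTICE. Either lower the level of the remaining syslog call or state in the comment and the ChangeLog entry that the SIG/KEY/NXT special case is gone and those types are now reported at notice level. The format-string line of that call is also left as unchanged context while the lines around it were re-indented, so the call's continuation lines may no longer line up.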
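
Review bot: in the resolv/nss_dns/dns-host.c hunk, the new comment in the `type != qtype` branch says the message is skipped "if we are using DNSSEC", but the check `(_res.options & RES_USE_DNSSEC) == 0` silences the notice for every mismatched record type, not only DNSSEC records. The comment should give the reason from the thread, that setting the flag tells the server unknown RR types are acceptable, so that a later reader does not narrow the condition back to SIG/KEY/NXT. The ChangeLog entry for getanswer_r ("Likewise") should also mention that the T_SIG/T_KEY/T_NXT block is removed. This hunk splits the format string into two literals while the gethnamaddr.c hunk keeps it as one. Keeping the same form in both files would make the two copies of the message easier to grep for.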