From cd91f2327ffb06a41129a35ae7be1e7923a78d74 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Sat, 11 May 2019 16:17:45 +0100 Subject: [PATCH] dnsmasq: improve insecure DS warning Log the failing domain in the insecure DS warning. Patch has been sent upstream. Signed-off-by: Kevin Darbyshire-Bryant --- package/network/services/dnsmasq/Makefile | 2 +- ...hostname-info-to-insecure-DS-warning.patch | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index dc20ada292..ad95ccd65d 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_UPSTREAM_VERSION:=2.80 PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION))) -PKG_RELEASE:=14 +PKG_RELEASE:=16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq diff --git a/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch new file mode 100644 index 0000000000..e3ef604918 --- /dev/null +++ b/package/network/services/dnsmasq/patches/130-dnssec-add-hostname-info-to-insecure-DS-warning.patch @@ -0,0 +1,27 @@ +From a1030c159e28bbfa966799e7b9a86081398d6352 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant +Date: Sat, 11 May 2019 16:04:56 +0100 +Subject: [PATCH] dnssec: add hostname info to insecure DS warning + +Make the existing "insecure DS received" warning more informative by +reporting the domain name reporting the issue. + +This may help identify a problem with a specific domain or server +configuration. + +Signed-off-by: Kevin Darbyshire-Bryant +--- + src/dnssec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -873,7 +873,7 @@ int dnssec_validate_ds(time_t now, struc + + if (rc == STAT_INSECURE) + { +- my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?")); ++ my_syslog(LOG_WARNING, _("Insecure DS reply received for %s, check domain configuration and upstream DNS server DNSSEC support"), name); + rc = STAT_BOGUS; + } + -- 2.25.1