mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-22 19:00:07 +00:00
Skip logging for DNSSEC responses [BZ 14841]
DNSSEC defines a number of response types that one me expect when the DO bit is set. We don't process any of them, but since we do allow setting the DO bit, skip them without logging an error since it is only a nuisance. Tested on x86_64. [BZ #14841] * resolv/gethnamaddr.c (getanswer): Skip logging if RES_USE_DNSSEC is set. * resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
This commit is contained in:
parent
9813dd5835
commit
3e3002ffea
@ -1,3 +1,10 @@
|
|||||||
|
2015-02-24 Siddhesh Poyarekar <siddhesh@redhat.com>
|
||||||
|
|
||||||
|
[BZ #14841]
|
||||||
|
* resolv/gethnamaddr.c (getanswer): Skip logging if
|
||||||
|
RES_USE_DNSSEC is set.
|
||||||
|
* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
|
||||||
|
|
||||||
2015-02-24 Mike Frysinger <vapier@gentoo.org>
|
2015-02-24 Mike Frysinger <vapier@gentoo.org>
|
||||||
|
|
||||||
* sysdeps/unix/sysv/linux/hppa/sysdep.h: Include dl-sysdep.h.
|
* sysdeps/unix/sysv/linux/hppa/sysdep.h: Include dl-sysdep.h.
|
||||||
|
6
NEWS
6
NEWS
@ -9,9 +9,9 @@ Version 2.22
|
|||||||
|
|
||||||
* The following bugs are resolved with this release:
|
* The following bugs are resolved with this release:
|
||||||
|
|
||||||
4719, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17569, 17588,
|
4719, 14841, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17569,
|
||||||
17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965, 17967, 17969,
|
17588, 17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965, 17967,
|
||||||
17978, 17987, 17991, 17996, 17998, 17999.
|
17969, 17978, 17987, 17991, 17996, 17998, 17999.
|
||||||
|
|
||||||
* Character encoding and ctype tables were updated to Unicode 7.0.0, using
|
* Character encoding and ctype tables were updated to Unicode 7.0.0, using
|
||||||
new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
|
new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
|
||||||
|
@ -331,23 +331,18 @@ getanswer (const querybuf *answer, int anslen, const char *qname, int qtype)
|
|||||||
buflen -= n;
|
buflen -= n;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)) {
|
|
||||||
/* We don't support DNSSEC yet. For now, ignore
|
|
||||||
* the record and send a low priority message
|
|
||||||
* to syslog.
|
|
||||||
*/
|
|
||||||
syslog(LOG_DEBUG|LOG_AUTH,
|
|
||||||
"gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
|
|
||||||
qname, p_class(C_IN), p_type(qtype),
|
|
||||||
p_type(type));
|
|
||||||
cp += n;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if (type != qtype) {
|
if (type != qtype) {
|
||||||
syslog(LOG_NOTICE|LOG_AUTH,
|
/* Log a low priority message if we get an unexpected
|
||||||
|
* record, but skip it if we are using DNSSEC since it
|
||||||
|
* uses many different types in responses that do not
|
||||||
|
* match QTYPE.
|
||||||
|
*/
|
||||||
|
if ((_res.options & RES_USE_DNSSEC) == 0) {
|
||||||
|
syslog(LOG_NOTICE|LOG_AUTH,
|
||||||
"gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
|
"gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
|
||||||
qname, p_class(C_IN), p_type(qtype),
|
qname, p_class(C_IN), p_type(qtype),
|
||||||
p_type(type));
|
p_type(type));
|
||||||
|
}
|
||||||
cp += n;
|
cp += n;
|
||||||
continue; /* XXX - had_error++ ? */
|
continue; /* XXX - had_error++ ? */
|
||||||
}
|
}
|
||||||
|
@ -820,26 +820,19 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
|
|||||||
linebuflen -= n;
|
linebuflen -= n;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (__builtin_expect (type == T_SIG, 0)
|
|
||||||
|| __builtin_expect (type == T_KEY, 0)
|
|
||||||
|| __builtin_expect (type == T_NXT, 0))
|
|
||||||
{
|
|
||||||
/* We don't support DNSSEC yet. For now, ignore the record
|
|
||||||
and send a low priority message to syslog. */
|
|
||||||
syslog (LOG_DEBUG | LOG_AUTH,
|
|
||||||
"gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
|
|
||||||
qname, p_class (C_IN), p_type(qtype), p_type (type));
|
|
||||||
cp += n;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (type == T_A && qtype == T_AAAA && map)
|
if (type == T_A && qtype == T_AAAA && map)
|
||||||
have_to_map = 1;
|
have_to_map = 1;
|
||||||
else if (__glibc_unlikely (type != qtype))
|
else if (__glibc_unlikely (type != qtype))
|
||||||
{
|
{
|
||||||
syslog (LOG_NOTICE | LOG_AUTH,
|
/* Log a low priority message if we get an unexpected record, but
|
||||||
"gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
|
skip it if we are using DNSSEC since it uses many different types
|
||||||
qname, p_class (C_IN), p_type (qtype), p_type (type));
|
in responses that do not match QTYPE. */
|
||||||
|
if ((_res.options & RES_USE_DNSSEC) == 0)
|
||||||
|
syslog (LOG_NOTICE | LOG_AUTH,
|
||||||
|
"gethostby*.getanswer: asked for \"%s %s %s\", "
|
||||||
|
"got type \"%s\"",
|
||||||
|
qname, p_class (C_IN), p_type (qtype), p_type (type));
|
||||||
cp += n;
|
cp += n;
|
||||||
continue; /* XXX - had_error++ ? */
|
continue; /* XXX - had_error++ ? */
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user