openwrt/dnsmasq
1
0
Fork 0
mirror of https://github.com/infinet/dnsmasq.git synced 2025-05-09 01:20:59 +08:00
Code Issues Releases Wiki Activity

Add logging for DNS error returns from upstream and local configuration.

Browse Source
This commit is contained in:
Simon Kelley 2018-05-04 21:52:22 +01:00
parent 0669ee7a69
commit 07ed585c38
4 changed files with 52 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/cache.c
View File

@ -1598,6 +1598,19 @@ void log_query(unsigned int flags, char *name, struct all_addr *addr, char *arg)
{
if (flags & F_KEYTAG)
sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
else if (flags & F_RCODE)
{
unsigned int rcode = addr->addr.rcode.rcode;
if (rcode == SERVFAIL)
dest = "SERVFAIL";
else if (rcode == REFUSED)
dest = "REFUSED";
else if (rcode == NOTIMP)
dest = "not implemented";
else
sprintf(daemon->addrbuff, "%u", rcode);
}
else
{
#ifdef HAVE_IPV6

7
src/dnsmasq.h
View File

@ -268,7 +268,11 @@ struct all_addr {
/* for log_query */
struct {
unsigned short keytag, algo, digest;
} log;
} log;
/* for log_query */
struct {
unsigned int rcode;
} rcode;
/* for cache_insert of DNSKEY, DS */
struct {
unsigned short class, type;
@ -459,6 +463,7 @@ struct crec {
#define F_IPSET (1u<<26)
#define F_NOEXTRA (1u<<27)
#define F_SERVFAIL (1u<<28)
#define F_RCODE (1u<<29)
/* Values of uid in crecs with F_CONFIG bit set. */
#define SRC_INTERFACE 0

25
src/forward.c
View File

@ -563,6 +563,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
unsigned char *pheader, *sizep;
char **sets = 0;
int munged = 0, is_sign;
unsigned int rcode = RCODE(header);
size_t plen;
(void)ad_reqd;
@ -593,6 +594,9 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
{
/* Get extended RCODE. */
rcode |= sizep[2] << 4;
if (check_subnet && !check_source(header, plen, pheader, query_source))
{
my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch"));
@ -641,11 +645,20 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
if (!is_sign && !option_bool(OPT_DNSSEC_PROXY))
header->hb4 &= ~HB4_AD;
if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
if (OPCODE(header) != QUERY)
return resize_packet(header, n, pheader, plen);
if (rcode != NOERROR && rcode != NXDOMAIN)
{
struct all_addr a;
a.addr.rcode.rcode = rcode;
log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL);
return resize_packet(header, n, pheader, plen);
}
/* Complain loudly if the upstream server is non-recursive. */
if (!(header->hb4 & HB4_RA) && RCODE(header) == NOERROR &&
if (!(header->hb4 & HB4_RA) && rcode == NOERROR &&
server && !(server->flags & SERV_WARNED_RECURSIVE))
{
prettyprint_addr(&server->addr, daemon->namebuff);
@ -654,7 +667,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
server->flags |= SERV_WARNED_RECURSIVE;
}
if (daemon->bogus_addr && RCODE(header) != NXDOMAIN &&
if (daemon->bogus_addr && rcode != NXDOMAIN &&
check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
{
munged = 1;
@ -666,7 +679,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
{
int doctored = 0;
if (RCODE(header) == NXDOMAIN &&
if (rcode == NXDOMAIN &&
extract_request(header, n, daemon->namebuff, NULL) &&
check_for_local_domain(daemon->namebuff, now))
{
@ -1090,7 +1103,7 @@ void reply_query(int fd, int family, time_t now)
if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
domain = daemon->namebuff;
log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
log_query(F_SECSTAT, domain, NULL, result);
}
if (status == STAT_SECURE)
@ -1948,7 +1961,7 @@ unsigned char *tcp_request(int confd, time_t now,
if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
domain = daemon->namebuff;
log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
log_query(F_SECSTAT, domain, NULL, result);
if (status == STAT_BOGUS)
{

19
src/rfc1035.c
View File

@ -926,12 +926,11 @@ unsigned int extract_request(struct dns_header *header, size_t qlen, char *name,
return F_QUERY;
}
size_t setup_reply(struct dns_header *header, size_t qlen,
struct all_addr *addrp, unsigned int flags, unsigned long ttl)
{
unsigned char *p;
if (!(p = skip_questions(header, qlen)))
return 0;
@ -948,7 +947,12 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
else if (flags == F_NXDOMAIN)
SET_RCODE(header, NXDOMAIN);
else if (flags == F_SERVFAIL)
SET_RCODE(header, SERVFAIL);
{
struct all_addr a;
a.addr.rcode.rcode = SERVFAIL;
log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
SET_RCODE(header, SERVFAIL);
}
else if (flags == F_IPV4)
{ /* we know the address */
SET_RCODE(header, NOERROR);
@ -966,8 +970,13 @@ size_t setup_reply(struct dns_header *header, size_t qlen,
}
#endif
else /* nowhere to forward to */
SET_RCODE(header, REFUSED);
{
struct all_addr a;
a.addr.rcode.rcode = REFUSED;
log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
SET_RCODE(header, REFUSED);
}
return p - (unsigned char *)header;
}