This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
- From: Florian Weimer <fweimer at redhat dot com>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: libc-alpha at sourceware dot org, carlos at redhat dot com
- Date: Fri, 20 Feb 2015 14:54:18 +0100
- Subject: Re: [PATCH] Silence resolver logging for DNAME records when DNSSEC is enabled
- Authentication-results: sourceware.org; auth=none
- References: <20150219190506 dot GA20188 at spoyarek dot pnq dot redhat dot com> <54E6EC01 dot 1060906 at redhat dot com> <20150220101303 dot GQ1594 at spoyarek dot pnq dot redhat dot com>
On 02/20/2015 11:13 AM, Siddhesh Poyarekar wrote:
> On Fri, Feb 20, 2015 at 09:10:41AM +0100, Florian Weimer wrote:
>> Can we remove the logging altogether? Or at least for the
>> RES_USE_DNSSEC case?
>>
>> The DO bit essentially means, âI'm fine with receiving unknown
>> RR typesâ, it's not really related to DNSSEC. The reason for
>> that is the fact that the DNSSEC protocol was changed twice (once
>> for DNSSECbis, which is completely unrecognizable to the previous
>> implementation, and once for NSEC3), and the flag was reused.
>>
>> So unless there is a compelling reason for logging this
>> information, I'd say just remove it.
>
> Thanks for the context. I wasn't sure about removing the logging
> altogether, but if it is going to be such a pain for DNSSEC, we
> might as well silence it. How is this then?
You are inconsistent about the space after p_class and p_type.
I noticed there is an existing bug in p_type which affects the code:
<https://sourceware.org/bugzilla/show_bug.cgi?id=18004>
Your patch looks fine, but I suggest to be more explicit the comment,
saying that DNSSEC uses many different types in responses which do not
match the QTYPE.
--
Florian Weimer / Red Hat Product Security