This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Skip logging for additional DNSSEC records from RFC4034 [BZ 14841]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>, libc-alpha at sourceware dot org
- Cc: carlos at redhat dot com
- Date: Fri, 20 Feb 2015 09:12:54 +0100
- Subject: Re: [PATCH] Skip logging for additional DNSSEC records from RFC4034 [BZ 14841]
- Authentication-results: sourceware.org; auth=none
- References: <20150219170031 dot GA14158 at spoyarek dot pnq dot redhat dot com>
On 02/19/2015 06:00 PM, Siddhesh Poyarekar wrote:
> RFC 4034 specifies 3 more record types (RRSIG, NSEC, DNSKEY) that
> the glibc resolver does not identify. The resolver would log a
> message in syslog if debugging is enabled in resolv.conf and
> RES_USE_DNSSEC is set in the _res struct. This was fine before
> since we did not set the DO bit, but we do so now, so skip logging
> the message when we have requested DNSSEC.
See my other message.
At the very least, you also need to add NSEC3.
--
Florian Weimer / Red Hat Product Security