This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Skip logging for additional DNSSEC records from RFC4034 [BZ 14841]

From: Florian Weimer <fweimer at redhat dot com>
To: Siddhesh Poyarekar <siddhesh at redhat dot com>, libc-alpha at sourceware dot org
Cc: carlos at redhat dot com
Date: Fri, 20 Feb 2015 09:12:54 +0100
Subject: Re: [PATCH] Skip logging for additional DNSSEC records from RFC4034 [BZ 14841]
Authentication-results: sourceware.org; auth=none
References: <20150219170031 dot GA14158 at spoyarek dot pnq dot redhat dot com>

On 02/19/2015 06:00 PM, Siddhesh Poyarekar wrote:
> RFC 4034 specifies 3 more record types (RRSIG, NSEC, DNSKEY) that
> the glibc resolver does not identify.  The resolver would log a
> message in syslog if debugging is enabled in resolv.conf and
> RES_USE_DNSSEC is set in the _res struct.  This was fine before
> since we did not set the DO bit, but we do so now, so skip logging
> the message when we have requested DNSSEC.

See my other message.

At the very least, you also need to add NSEC3.

-- 
Florian Weimer / Red Hat Product Security

References:
- [PATCH] Skip logging for additional DNSSEC records from RFC4034 [BZ 14841]
  - From: Siddhesh Poyarekar

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]