Log reason why cache peek is not available

Log which ACL caused RD=0 query into cache to be refused.
Expected performance impact is negligible.
Petr Špaček 2022-08-05 15:21:35 +02:00
parent 95fc05c454
commit fdf7456643
No known key found for this signature in database
GPG key ID: ABD587CDF06581AE


@ -844,6 +844,15 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
isc_result_t result;
if ((client->query.attributes & NS_QUERYATTR_CACHEACLOKVALID) == 0) {
enum refusal_reasons {
ALLOW_QUERY_CACHE,
ALLOW_QUERY_CACHE_ON
};
static const char *acl_desc[] = {
"allow-query-cache did not match",
"allow-query-cache-on did not match",
};
/*
* The view's cache ACLs have not yet been evaluated.
* Do it now. Both allow-query-cache and
@ -852,9 +861,11 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
bool log = ((options & DNS_GETDB_NOLOG) == 0);
char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")];
enum refusal_reasons refusal_reason = ALLOW_QUERY_CACHE;
result = ns_client_checkaclsilent(client, NULL,
client->view->cacheacl, true);
if (result == ISC_R_SUCCESS) {
refusal_reason = ALLOW_QUERY_CACHE_ON;
result = ns_client_checkaclsilent(
client, &client->destaddr,
client->view->cacheonacl, true);
@ -890,7 +901,8 @@ query_checkcacheaccess(ns_client_t *client, const dns_name_t *name,
sizeof(msg));
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_QUERY, ISC_LOG_INFO,
"%s denied", msg);
"%s denied (%s)", msg,
acl_desc[refusal_reason]);
}
}
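Review bot: `acl_desc[]` in the first hunk is tied to `enum refusal_reasons` only by the order of its initializers, so a reason later added to one but not the other would make `acl_desc[refusal_reason]` in the `"%s denied (%s)"` call log the wrong ACL name or read past the end of the table. Keying the entries to the enumerators removes that coupling: `static const char *const acl_desc[] = {` with `[ALLOW_QUERY_CACHE] = "allow-query-cache did not match",` and `[ALLOW_QUERY_CACHE_ON] = "allow-query-cache-on did not match",`; the extra `const` also keeps the pointer table itself read-only. Because this message goes to the security log category and operators will use it to find the refusing ACL, a short comment above the enum such as `/* Index into acl_desc[]; keep both in the same order. */` would help too. query_checkcacheaccess() begins and ends outside the visible hunks, so the code between the two ACL checks and the log call is not covered by this note.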