File: README.rst

package info (click to toggle)
knot-resolver 5.6.0-1%2Bdeb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 16,088 kB
  • sloc: javascript: 42,732; ansic: 34,753; python: 4,603; cpp: 2,107; sh: 1,883; makefile: 199; xml: 193
file content (45 lines) | stat: -rw-r--r-- 1,161 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
.. SPDX-License-Identifier: GPL-3.0-or-later

.. _mod-bogus_log:

DNSSEC validation failure logging
=================================

This module logs a message for each DNSSEC validation failure (on ``notice`` :func:`level <log_level>`).
It is meant to provide hint to operators which queries should be
investigated using diagnostic tools like DNSViz_.

Add following line to your configuration file to enable it:

.. code-block:: lua

        modules.load('bogus_log')

Example of error message logged by this module:

.. code-block:: none

        [dnssec] validation failure: dnssec-failed.org. DNSKEY

.. _DNSViz: http://dnsviz.net/

List of most frequent queries which fail as DNSSEC bogus can be obtained at run-time:

.. code-block:: lua

      > bogus_log.frequent()
      {
          {
              ['count'] = 1,
              ['name'] = 'dnssec-failed.org.',
              ['type'] = 'DNSKEY',
          },
          {
              ['count'] = 13,
              ['name'] = 'rhybar.cz.',
              ['type'] = 'DNSKEY',
          },
      }

Please note that in future this module might be replaced
with some other way to log this information.