feat: add logging
@@ -17,10 +17,10 @@ package dnssec
|
||||
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
// ./common/dnssec/validator.go
|
||||
|
||||
import (
|
||||
"log"
|
||||
|
||||
"github.com/afonsofrancof/sdns-proxy/common/logger"
|
||||
"github.com/miekg/dns"
|
||||
)
|
||||
|
||||
@@ -35,7 +35,10 @@ func NewValidator(queryFunc func(string, uint16) (*dns.Msg, error)) *Validator {
|
||||
}
|
||||
|
||||
func (v *Validator) ValidateResponse(msg *dns.Msg, qname string, qtype uint16) error {
|
||||
logger.Debug("Starting DNSSEC validation for %s %s", qname, dns.TypeToString[qtype])
|
||||
|
||||
if msg == nil || len(msg.Answer) == 0 {
|
||||
logger.Debug("No result for %s %s", qname, dns.TypeToString[qtype])
|
||||
return ErrNoResult
|
||||
}
|
||||
|
||||
@@ -46,41 +49,48 @@ func (v *Validator) ValidateResponse(msg *dns.Msg, qname string, qtype uint16) e
|
||||
case *dns.RRSIG:
|
||||
if t.TypeCovered == qtype {
|
||||
rrset.RRSig = t
|
||||
logger.Debug("Found RRSIG for %s %s (keytag: %d)", qname, dns.TypeToString[qtype], t.KeyTag)
|
||||
}
|
||||
default:
|
||||
if rr.Header().Rrtype == qtype {
|
||||
rrset.RRs = append(rrset.RRs, rr)
|
||||
logger.Debug("Found RR for %s %s: %s", qname, dns.TypeToString[qtype], rr.String())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if rrset.IsEmpty() {
|
||||
logger.Debug("Empty RRSet for %s %s", qname, dns.TypeToString[qtype])
|
||||
return ErrNoResult
|
||||
}
|
||||
|
||||
if !rrset.IsSigned() {
|
||||
logger.Debug("RRSet for %s %s is not signed", qname, dns.TypeToString[qtype])
|
||||
return ErrResourceNotSigned
|
||||
}
|
||||
|
||||
// Check header integrity
|
||||
if err := rrset.CheckHeaderIntegrity(qname); err != nil {
|
||||
logger.Debug("Header integrity check failed for %s %s: %v", qname, dns.TypeToString[qtype], err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Build and verify authentication chain
|
||||
signerName := rrset.SignerName()
|
||||
logger.Debug("Building authentication chain for signer: %s", signerName)
|
||||
authChain := NewAuthenticationChain()
|
||||
|
||||
if err := authChain.Populate(signerName, v.queryFunc); err != nil {
|
||||
log.Printf("Cannot populate authentication chain: %s", err)
|
||||
logger.Debug("Cannot populate authentication chain for %s: %v", signerName, err)
|
||||
return err
|
||||
}
|
||||
|
||||
if err := authChain.Verify(rrset); err != nil {
|
||||
log.Printf("DNSSEC validation failed: %s", err)
|
||||
logger.Debug("DNSSEC validation failed for %s %s: %v", qname, dns.TypeToString[qtype], err)
|
||||
return err
|
||||
}
|
||||
|
||||
logger.Debug("DNSSEC validation successful for %s %s", qname, dns.TypeToString[qtype])
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
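Review bot: In ValidateResponse, failures from `authChain.Populate` and `authChain.Verify` are now reported only through `logger.Debug`; the page has lost its +/- markers, but the third hunk header (41 lines before, 48 after) is consistent with the two `log.Printf` calls being removed. A failed DNSSEC validation is the event an operator most needs to see when a response has been tampered with or a zone is misconfigured, so it should not depend on debug output being enabled. I would keep an always-on line in those two branches, for example `log.Printf("DNSSEC validation failed for %s: %s", qname, err)` (which needs the `"log"` import to stay), or use a higher level if the logger package provides one. Separately, `dns.TypeToString[qtype]` yields an empty string for a type missing from the map, whereas `dns.Type(qtype).String()` falls back to the numeric form. The loop between the second and third hunks is not shown, so this covers only the visible lines.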