diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 10:41:58 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 10:41:58 +0000 |
commit | 1852910ef0fd7393da62b88aee66ee092208748e (patch) | |
tree | ad3b659dbbe622b58a5bda4fe0b5e1d80eee9277 /modules/bogus_log/README.rst | |
parent | Initial commit. (diff) | |
download | knot-resolver-1852910ef0fd7393da62b88aee66ee092208748e.tar.xz knot-resolver-1852910ef0fd7393da62b88aee66ee092208748e.zip |
Adding upstream version 5.3.1.upstream/5.3.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/bogus_log/README.rst')
-rw-r--r-- | modules/bogus_log/README.rst | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/modules/bogus_log/README.rst b/modules/bogus_log/README.rst new file mode 100644 index 0000000..b3ed40e --- /dev/null +++ b/modules/bogus_log/README.rst @@ -0,0 +1,43 @@ +.. SPDX-License-Identifier: GPL-3.0-or-later + +.. _mod-bogus_log: + +DNSSEC validation failure logging +================================= + +This module adds error message for each DNSSEC validation failure. +It is meant to provide hint to operators which queries should be +investigated using diagnostic tools like DNSViz_. + +Add following line to your configuration file to enable it: + +.. code-block:: lua + + modules.load('bogus_log') + +Example of error message logged by this module: + +.. code-block:: none + + DNSSEC validation failure dnssec-failed.org. DNSKEY + +.. _DNSViz: http://dnsviz.net/ + +List of most frequent queries which fail as DNSSEC bogus can be obtained at run-time: + +.. code-block:: lua + + > bogus_log.frequent() + [1] => { + [type] => DNSKEY + [count] => 1 + [name] => dnssec-failed.org. + } + [2] => { + [type] => DNSKEY + [count] => 13 + [name] => rhybar.cz. + } + +Please note that in future this module might be replaced +with some other way to log this information. |