From 830407e88f9d40d954356c3754f2647f91d5c06a Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 17:26:00 +0200
Subject: Adding upstream version 5.6.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 modules/bogus_log/README.rst | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 modules/bogus_log/README.rst

(limited to 'modules/bogus_log/README.rst')

diff --git a/modules/bogus_log/README.rst b/modules/bogus_log/README.rst
new file mode 100644
index 0000000..d60c278
--- /dev/null
+++ b/modules/bogus_log/README.rst
@@ -0,0 +1,45 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _mod-bogus_log:
+
+DNSSEC validation failure logging
+=================================
+
+This module logs a message for each DNSSEC validation failure (on ``notice`` :func:`level <log_level>`).
+It is meant to provide hint to operators which queries should be
+investigated using diagnostic tools like DNSViz_.
+
+Add following line to your configuration file to enable it:
+
+.. code-block:: lua
+
+        modules.load('bogus_log')
+
+Example of error message logged by this module:
+
+.. code-block:: none
+
+        [dnssec] validation failure: dnssec-failed.org. DNSKEY
+
+.. _DNSViz: http://dnsviz.net/
+
+List of most frequent queries which fail as DNSSEC bogus can be obtained at run-time:
+
+.. code-block:: lua
+
+      > bogus_log.frequent()
+      {
+          {
+              ['count'] = 1,
+              ['name'] = 'dnssec-failed.org.',
+              ['type'] = 'DNSKEY',
+          },
+          {
+              ['count'] = 13,
+              ['name'] = 'rhybar.cz.',
+              ['type'] = 'DNSKEY',
+          },
+      }
+
+Please note that in future this module might be replaced
+with some other way to log this information.
-- 
cgit v1.2.3