diff options
Diffstat (limited to 'daemon')
| -rw-r--r-- | daemon/daemon.c | 2 | ||||
| -rw-r--r-- | daemon/remote.c | 2 | ||||
| -rw-r--r-- | daemon/worker.c | 15 |
3 files changed, 14 insertions, 5 deletions
diff --git a/daemon/daemon.c b/daemon/daemon.c index e14edb99df05..7461a26e2104 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -770,7 +770,7 @@ daemon_delete(struct daemon* daemon) # endif # ifdef HAVE_OPENSSL_CONFIG EVP_cleanup(); -# if OPENSSL_VERSION_NUMBER < 0x10100000 +# if (OPENSSL_VERSION_NUMBER < 0x10100000) && !defined(OPENSSL_NO_ENGINE) ENGINE_cleanup(); # endif CONF_modules_free(); diff --git a/daemon/remote.c b/daemon/remote.c index 48efba7409c8..1689154f5721 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -1987,7 +1987,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int allow_names) return NULL; } } else { -#ifndef HAVE_SSL_SET1_HOST +#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) if(auth_name) log_err("no name verification functionality in " "ssl library, ignored name for %s", todo); diff --git a/daemon/worker.c b/daemon/worker.c index c9504dd207be..433b96fd527a 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1171,7 +1171,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, /* check if this query should be dropped based on source ip rate limiting */ if(!infra_ip_ratelimit_inc(worker->env.infra_cache, repinfo, - *worker->env.now)) { + *worker->env.now, c->buffer)) { /* See if we are passed through with slip factor */ if(worker->env.cfg->ip_ratelimit_factor != 0 && ub_random_max(worker->env.rnd, @@ -1559,8 +1559,17 @@ send_reply_rc: if(worker->env.cfg->log_replies) { struct timeval tv = {0, 0}; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, - tv, 1, c->buffer); + if(qinfo.local_alias && qinfo.local_alias->rrset && + qinfo.local_alias->rrset->rk.dname) { + /* log original qname, before the local alias was + * used to resolve that CNAME to something else */ + qinfo.qname = qinfo.local_alias->rrset->rk.dname; + log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + tv, 1, c->buffer); + } else { + log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + tv, 1, c->buffer); + } } #ifdef USE_DNSCRYPT if(!dnsc_handle_uncurved_request(repinfo)) { |