string s_pidfname;
unsigned int g_numThreads;
uint16_t g_outgoingEDNSBufsize;
+bool g_logRPZChanges{false};
#define LOCAL_NETS "127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10"
// Bad Nets taken from both:
g_latencyStatSize=::arg().asNum("latency-statistic-size");
g_logCommonErrors=::arg().mustDo("log-common-errors");
+ g_logRPZChanges = ::arg().mustDo("log-rpz-changes");
g_anyToTcp = ::arg().mustDo("any-to-tcp");
g_udpTruncationThreshold = ::arg().asNum("udp-truncation-threshold");
::arg().set("cpu-map", "Thread to CPU mapping, space separated thread-id=cpu1,cpu2..cpuN pairs")="";
+ ::arg().setSwitch("log-rpz-changes", "Log additions and removals to RPZ zones at Info level")="no";
+
::arg().setCmd("help","Provide a helpful message");
::arg().setCmd("version","Print version string");
::arg().setCmd("config","Output blank configuration");
Some DNS errors occur rather frequently and are no cause for alarm.
+``log-rpz-changes``
+---------------------
+.. versionadded:: 4.1.0
+
+- Boolean
+- Default: no
+
+Log additions and removals to RPZ zones at Info (6) level instead of Debug (7).
+
.. _setting-logging-facility:
``logging-facility``
}
else {
totremove++;
- L<<Logger::Debug<<"Had removal of "<<rr.d_name<<endl;
+ L<<(g_logRPZChanges ? Logger::Info : Logger::Debug)<<"Had removal of "<<rr.d_name<<" from RPZ zone "<<zoneName.toStringNoDot()<<endl;
RPZRecordToPolicy(rr, newZone, false, defpol, maxTTL);
}
}
}
else {
totadd++;
- L<<Logger::Debug<<"Had addition of "<<rr.d_name<<endl;
+ L<<(g_logRPZChanges ? Logger::Info : Logger::Debug)<<"Had addition of "<<rr.d_name<<" to RPZ zone "<<zoneName.toStringNoDot()<<endl;
RPZRecordToPolicy(rr, newZone, true, defpol, maxTTL);
}
}
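Review bot: With `log-rpz-changes` enabled, the two rewritten statements ("Had removal of" and "Had addition of") each emit one Info-level line per record in the update, and the names they print come from the RPZ feed rather than from local configuration, so a large or churning delta turns directly into log volume at a level that is normally visible. The setting's documentation should state that cost; if the code after these loops does not already log a per-update summary from the `totremove`/`totadd` counters, that summary is the cheaper thing to raise to Info. The level selection is also written out twice; computing it once before the loops, e.g. `const auto changeLevel = g_logRPZChanges ? Logger::Info : Logger::Debug;`, keeps both statements in step. The enclosing function starts and ends outside the hunk, so what is logged after the loops cannot be checked from here.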
#include <string>
#include "dnsrecords.hh"
+extern bool g_logRPZChanges;
+
void loadRPZFromFile(const std::string& fname, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
std::shared_ptr<SOARecordContent> loadRPZFromServer(const ComboAddress& master, const DNSName& zoneName, std::shared_ptr<DNSFilterEngine::Zone> zone, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL, const TSIGTriplet& tt, size_t maxReceivedBytes, const ComboAddress& localAddress);
void RPZRecordToPolicy(const DNSRecord& dr, std::shared_ptr<DNSFilterEngine::Zone> zone, bool addOrRemove, boost::optional<DNSFilterEngine::Policy> defpol, uint32_t maxTTL);
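Review bot: The new `extern bool g_logRPZChanges;` has no comment, so the header does not say where the flag is defined or when it may be written. The definition appears to sit with the other recursor globals rather than in the RPZ loader, which means any other target linking the loader has to supply its own definition. As a plain `bool` it is also only safe if it is assigned once during startup, before the code that applies RPZ updates runs; that ordering is not visible in this change. Suggested comment above the declaration: `// Set once at startup from the "log-rpz-changes" setting; selects Info instead of Debug for per-record RPZ change logs.`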