4 files changed, 28 insertions, 33 deletions

diff --git a/ChangeLog b/ChangeLog
index 6815223..2501fa5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-02-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #14841]
+	* resolv/gethnamaddr.c (getanswer): Skip logging if
+	RES_USE_DNSSEC is set.
+	* resolv/nss_dns/dns-host.c (getanswer_r): Likewise.
+
 2015-02-24  Mike Frysinger  <vapier@gentoo.org>
 
 	* sysdeps/unix/sysv/linux/hppa/sysdep.h: Include dl-sysdep.h.
diff --git a/NEWS b/NEWS
index e5d8ee8..3925acd 100644
--- a/NEWS
+++ b/NEWS
@@ -9,9 +9,9 @@ Version 2.22
 
 * The following bugs are resolved with this release:
 
-  4719, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17569, 17588,
-  17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965, 17967, 17969,
-  17978, 17987, 17991, 17996, 17998, 17999.
+  4719, 14841, 13064, 14094, 15319, 15467, 15790, 16560, 17269, 17569,
+  17588, 17792, 17836, 17912, 17932, 17944, 17949, 17964, 17965, 17967,
+  17969, 17978, 17987, 17991, 17996, 17998, 17999.
 
 * Character encoding and ctype tables were updated to Unicode 7.0.0, using
   new generator scripts contributed by Pravin Satpute and Mike FABIAN (Red
diff --git a/resolv/gethnamaddr.c b/resolv/gethnamaddr.c
index a861a84..7fd0e49 100644
--- a/resolv/gethnamaddr.c
+++ b/resolv/gethnamaddr.c
@@ -331,23 +331,18 @@ getanswer (const querybuf *answer, int anslen, const char *qname, int qtype)
 			buflen -= n;
 			continue;
 		}
-		if ((type == T_SIG) || (type == T_KEY) || (type == T_NXT)) {
-			/* We don't support DNSSEC yet.  For now, ignore
-			 * the record and send a low priority message
-			 * to syslog.
-			 */
-			syslog(LOG_DEBUG|LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-			       qname, p_class(C_IN), p_type(qtype),
-			       p_type(type));
-			cp += n;
-			continue;
-		}
 		if (type != qtype) {
-			syslog(LOG_NOTICE|LOG_AUTH,
+			/* Log a low priority message if we get an unexpected
+			 * record, but skip it if we are using DNSSEC since it
+			 * uses many different types in responses that do not
+			 * match QTYPE.
+			 */
+			if ((_res.options & RES_USE_DNSSEC) == 0) {
+				syslog(LOG_NOTICE|LOG_AUTH,
 	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-			       qname, p_class(C_IN), p_type(qtype),
-			       p_type(type));
+					qname, p_class(C_IN), p_type(qtype),
+					p_type(type));
+			}
 			cp += n;
 			continue;		/* XXX - had_error++ ? */
 		}
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index f715ab0..b16b0dd 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -820,26 +820,19 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 	  linebuflen -= n;
 	  continue;
 	}
-      if (__builtin_expect (type == T_SIG, 0)
-	  || __builtin_expect (type == T_KEY, 0)
-	  || __builtin_expect (type == T_NXT, 0))
-	{
-	  /* We don't support DNSSEC yet.  For now, ignore the record
-	     and send a low priority message to syslog.  */
-	  syslog (LOG_DEBUG | LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-		  qname, p_class (C_IN), p_type(qtype), p_type (type));
-	  cp += n;
-	  continue;
-	}
 
       if (type == T_A && qtype == T_AAAA && map)
 	have_to_map = 1;
       else if (__glibc_unlikely (type != qtype))
 	{
-	  syslog (LOG_NOTICE | LOG_AUTH,
-	       "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
-		  qname, p_class (C_IN), p_type (qtype), p_type (type));
+	  /* Log a low priority message if we get an unexpected record, but
+	     skip it if we are using DNSSEC since it uses many different types
+	     in responses that do not match QTYPE.  */
+	  if ((_res.options & RES_USE_DNSSEC) == 0)
+	    syslog (LOG_NOTICE | LOG_AUTH,
+		    "gethostby*.getanswer: asked for \"%s %s %s\", "
+		    "got type \"%s\"",
+		    qname, p_class (C_IN), p_type (qtype), p_type (type));
 	  cp += n;
 	  continue;			/* XXX - had_error++ ? */
 	}