Skip to content

[client] Disable dnssec for systemd explicitly #3831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 16, 2025
Merged

[client] Disable dnssec for systemd explicitly #3831

merged 2 commits into from
May 16, 2025

Conversation

lixmal
Copy link
Contributor

@lixmal lixmal commented May 15, 2025
edited
Loading

Describe your changes

Issue ticket number and link

Updates #1483

Stack

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

@Copilot Copilot AI review requested due to automatic review settings May 15, 2025 15:23
@lixmal lixmal force-pushed the disable-dnssec-explicitly branch from 1478709 to eac7712 Compare May 15, 2025 15:23
Copilot
Copilot AI reviewed May 15, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR explicitly disables DNSSEC when applying DNS configurations via systemd on Linux.

  • Introduces a new D-Bus method suffix constant for SetDNSSEC
  • Refactors error wrapping for the existing SetDNS call
  • Adds a call to disable DNSSEC ("no") and logs failures
Comments suppressed due to low confidence (3)

client/internal/dns/systemd_linux.go:103

  • Add a unit or integration test to verify that DNSSEC is explicitly set to disabled when applying DNS configuration, ensuring this new behavior is covered by CI.
if err = s.callLinkMethod(systemdDbusSetDNSSECMethodSuffix, "no"); err != nil {

client/internal/dns/systemd_linux.go:103

  • Verify that the D-Bus SetDNSSEC call signature matches this usage; if the method expects a structured input or array rather than a raw string, this may fail at runtime.
if err = s.callLinkMethod(systemdDbusSetDNSSECMethodSuffix, "no"); err != nil {

client/internal/dns/systemd_linux.go:104

  • Confirm that the imported log package supports Errorf. The standard library log does not have Errorf, so ensure the correct logging library is in use.
    log.Errorf("set DNSSEC to 'no': %v", err)

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lixmal lixmal merged commit b2a1078 into main May 16, 2025
30 of 32 checks passed
@lixmal lixmal deleted the disable-dnssec-explicitly branch May 16, 2025 07:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@hakansa hakansa hakansa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lixmal @hakansa