From 41d2c72805264cd9b8bf22c3636045c8351f029e Mon Sep 17 00:00:00 2001
From: Stephen Paul Weber <singpolyma@singpolyma.net>
Date: Tue, 7 Nov 2023 15:10:04 -0500
Subject: [PATCH] Log DNSSEC failures more verbosely

---
 .../eu/siacs/conversations/utils/Resolver.java   | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/utils/Resolver.java b/src/main/java/eu/siacs/conversations/utils/Resolver.java
index 4193f84e3079917b688dfd38b39c0d663bf9a6c2..82f609670a1da382e8a87af8614197a6cba6ce98 100644
--- a/src/main/java/eu/siacs/conversations/utils/Resolver.java
+++ b/src/main/java/eu/siacs/conversations/utils/Resolver.java
@@ -24,11 +24,11 @@ import java.util.List;
 import org.minidns.AbstractDnsClient;
 import org.minidns.DnsCache;
 import org.minidns.DnsClient;
-import org.minidns.dnsname.DnsName;
-import org.minidns.dnsmessage.Question;
-import org.minidns.record.Record;
 import org.minidns.cache.LruCache;
+import org.minidns.dnsmessage.Question;
+import org.minidns.dnsname.DnsName;
 import org.minidns.dnssec.DnssecResultNotAuthenticException;
+import org.minidns.dnssec.DnssecValidationFailedException;
 import org.minidns.dnsserverlookup.AndroidUsingExec;
 import org.minidns.hla.DnssecResolverApi;
 import org.minidns.hla.ResolverApi;
@@ -39,6 +39,7 @@ import org.minidns.record.AAAA;
 import org.minidns.record.CNAME;
 import org.minidns.record.Data;
 import org.minidns.record.InternetAddressRR;
+import org.minidns.record.Record;
 import org.minidns.record.SRV;
 import eu.siacs.conversations.Config;
 import eu.siacs.conversations.R;
@@ -245,7 +246,6 @@ public class Resolver {
         List<Result> results = new ArrayList<>();
         try {
             ResolverResult<A> aResult = resolveWithFallback(dnsName, A.class);
-            Log.d("WUTr", "" + aResult.isAuthenticData() + " " + aResult.getAnswersOrEmptySet());
             for (A a : aResult.getAnswersOrEmptySet()) {
                 Result r = Result.createDefault(dnsName, a.getInetAddress());
                 r.authenticated = aResult.isAuthenticData();
@@ -278,7 +278,13 @@ public class Resolver {
     private static <D extends Data> ResolverResult<D> resolveWithFallback(DnsName dnsName, Class<D> type) throws IOException {
         final Question question = new Question(dnsName, Record.TYPE.getType(type));
         try {
-            return DnssecResolverApi.INSTANCE.resolve(question);
+            ResolverResult<D> result = DnssecResolverApi.INSTANCE.resolve(question);
+            if (!result.isAuthenticData()) {
+                Log.d(Config.LOGTAG, "DNSSEC validation failed: " + result.getUnverifiedReasons());
+            }
+            return result;
+        } catch (DnssecValidationFailedException e) {
+            Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": error resolving " + type.getSimpleName() + " with DNSSEC. Trying DNS instead.", e);
         } catch (IOException e) {
             throw e;
         } catch (Throwable throwable) {