too much activity
Danny Mayer
mayer at gis.net
Tue Aug 10 15:27:32 UTC 2004
At 02:47 AM 8/10/2004, phn at icke-reklam.ipsec.nu wrote:
>Markus Plannerer <mp at no.erpa.spam.de> wrote:
> > Hello,
>
> > we have updated from BIND8 to BIND9 and in the new
> > named.conf logging is enabled by:
> > logging {
> > channel query_logging {
> > file "/var/log/named_querylog"
> > versions 3 size 100M;
> > print-time yes; // timestamp log entries
> > };
> > category queries {
> > query_logging;
> > };
> > category lame-servers { null; };
> > };
>
> > Now there is every second a entry in the log like:
> > Aug 09 20:05:17.017 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:18.028 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:19.027 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:20.038 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > and so on and so ...
Some application on the local system is trying to look up a reverse
address and appears to be ignoring the response. Use lsof to find
out what's running on port 32844.
> > Can anybody give me a hint?
>
>You have querylogging turned on. The reason is that whenever you mention
>"query-loggin" in the logging section it's assumed to be tunred on.
>
>The straightforward mechanism ought to be an new options-statement=20
>"query-log {on | off}"
>( isc are you listening ?)
It's off by default unless you specify a queries category for logging.
use rndc querylog to turn it on/off.
Danny
> > Thanks Markus
>
>
>
>--
>Peter H=E5kanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list