Migrating to 8.2.3-REL (log message changes; gotchas; etc.)

O'Neil,Kevin oneil at oclc.org
Tue Jan 30 18:56:31 UTC 2001



Here are some changes to the log messages that I've noticed so far going to
8.2.3-REL from 8.2.2-p7.

I also note some new functionality and gotchas I (and others) ran into when
doing the conversion.  I include a referral to the 8.2.3-REL release
announcement when appropriate.

...Kevin O'Neil


PS   Don't forget that there's a list of the log messages with explanations
at
http://www.acmebw.com/askmrdns/bind-messages.htm.

PPS  There's also a new book "The Concise Guide to DNS and BIND" by Nicolai
Langfeldt.  It also has a list of log messages with explanations.
http://www.mcp.com/que/detail_que.cfm?item=0789722739

-----------------------------------------------------------

 940.	[clarity]	unapproved -> denied in log messages.

pre-8.2.3:
22-Jan-2001 14:47:37.350 security: notice: unapproved query from
[207.46.106.84].24341 for "100.47.174.132.in-addr.arpa"

8.2.3:
29-Jan-2001 20:53:33.193 security: notice: denied query from
[24.7.129.23].4000 for "BRANDISR.oa.oclc.org"

-----------------------------------------------------------

pre-8.2.3:
15-Jan-2001 22:32:14.661 default: info: ns_resp: query(STIM.TEC.TN.US) NS
points to CNAME (noc.tec.net:)

8.2.3:
30-Jan-2001 10:48:45.537 default: info: ns_resp: query(YAHOO.ES) NS points
to CNAME (ns.europe.yahoo.com:) learnt (CNAME=217.12.4.71:NS=137.39.1.3)

------------------------------------------------------------

pre-8.2.3:
15-Jan-2001 20:26:19.907 response-checks: info: bad referral
(188.207.IN-ADDR.ARPA !< 7.188.207.in-addr.arpa)

8.2.3:
30-Jan-2001 10:48:00.883 response-checks: info: bad referral (com !<
CHECKSUNLIMITED.com) from [168.135.129.140].53

-------------------------------------------------------------

998.	[support]	show version number in NOTIFY log messages.

pre-8.2.3:
15-Jan-2001 19:46:02.562 notify: info: Sent NOTIFY for
"11.174.132.in-addr.arpa IN SOA" (11.174.132.in-addr.arpa); 4 NS, 4 A

8.2.3:
29-Jan-2001 18:58:00.552 notify: info: Sent NOTIFY for "dublincore.org IN
SOA 200101040" (dublincore.org); 4 NS, 4 A

--------------------------------------------------------------------

 943.	[bug]		raise CNAME and OTHER / multiple CNAME logging to 
			warning.

----------------------------------------------------------------------

************************ GOTCHA **************************

924.	[port]	sunos solaris: #define NEED_SECURE_DIRECTORY to
			secure the directory containing unix domain socket
			rather than the socket itself.

directory changed from /usr/local/etc to /usr/local/etc/ndc.d on Solaris
platforms.

// socket for ndc to access bind
controls {
//      unix "/usr/local/etc/ndc" perm 0600 owner 0 group 0;
        unix "/usr/local/etc/ndc.d/ndc" perm 0600 owner 0 group 0;
};
----------------------------------------------------------------------

 976.	[bug]		some stats weren't getting incremented, & added a
			few.

pre-8.2.3:
29-Jan-2001 17:57:04.235 statistics: info: NSTATS 980809024 979606623 0=143
A=5044758 NS=43 SOA=2895 PTR=1203904 MX=419879 X25=56 AAAA=135453 LOC=144
SRV=22311 ANY=1244120
29-Jan-2001 17:57:04.236 statistics: info: XSTATS 980809024 979606623
RR=1622930 RNXD=101697 RFwdR=1081274 RDupR=6468 RFail=10490 RFErr=0
RErr=1067 RAXFR=0 RLame=38690 ROpts=0 SSysQ=415686 SAns=7109412 SFwdQ=988328
SDupQ=478438 SErr=0 RQ=8073706 RIQ=0 RFwdQ=0 RDupQ=28798 RTCP=3172
SFwdR=1081274 SFail=350 SFErr=0 SNaAns=2085862 SNXD=2939907

8.2.3:
30-Jan-2001 12:47:47.179 statistics: info: NSTATS 980876867 980812070 0=2
A=433370 NS=2 SOA=167 PTR=59340 MX=36746 AAAA=8246 SRV=1238 ANY=61336
30-Jan-2001 12:47:47.180 statistics: info: XSTATS 980876867 980812070
RR=105709 RNXD=7710 RFwdR=71771 RDupR=672 RFail=616 RFErr=0 RErr=37 RAXFR=0
RLame=2314 ROpts=0 SSysQ=25614 SAns=593331 SFwdQ=61740 SDupQ=22793 SErr=0
RQ=600447 RIQ=0 RFwdQ=61740 RDupQ=811 RTCP=96 SFwdR=71771 SFail=6 SFErr=0
SNaAns=295561 SNXD=152330 RUQ=1 RURQ=0 RUXFR=0 RUUpd=0

----------------------------------------------------------------------

983.	[support]	"notify from non-master server" is now debug, not
			info.

----------------------------------------------------------------------

****************** GOTCHA ****************************

1070.	[bug]		We were accepting non syntactically valid SOA
			records.

from James Snow [snow at teardrop.org] posted to the mailing list with the
subject line "8.2.2 -> 8.2.3 Zone File Problems":

In response to the latest BIND8 vulnerability I upgraded my nameservers
from 8.2.2 (p5, I think) to 8.2.3 and my zone files were all rejected.

The cause of this was the positioning of the leading parenthesis after
the SOA line. For example:

	@ IN SOA ns.domain.com. snow.domain.com.
	(    2001012901
		 ... )

This was rejected. I had to move the leading parenthesis up one line to
get them working again:

	@ IN SOA ns.domain.com. snow.domain.com. (
		2001012901
		... )

I don't have a preference for either one but I am curious to know if
there is a reason for this. (Other than just an oddity in parsing the
zone file.)

I have relatively few zone files to deal with so this was trivial to fix
by hand. If you have more than a few you'll probably want to script a
fix for this before you update. 


-Snow

----------------------------------------------------------------------

1107.	[func]	allow the default syslog facility to be set by
			adding -DISC_FACILITY=<value> to CDEBUG in
			Makefile.set.

----------------------------------------------------------------------

1106.	[func]	host statistics can now be cleared after they are
			dumped.  Use "ndc stats clear".

ndc> help
(builtin) start - start the server
(builtin) restart - stop server if any, start a new one
getpid
status
stop
exec
reload [zone] ...
reconfig [-noexpired] (just sees new/gone zones)
dumpdb
stats [clear]
trace [level]
notrace
querylog
qrylog
help
quit
------------------------------------------------------------------------

1105.	[func]	host-statistics-max can be used to set a upper bound
			on the number hosts we collect statistics against.

----------------------------------------------------------------------

1113.	[support]	show config file name and age in "ndc status"

1112.	[support]	"ndc status" no longer mentions loading of config.

ndc> status
config (/usr/local/etc/named.conf) last loaded at age: Mon Jan 29 18:32:18
2001 
number of zones allocated: 192
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

-----------------------------------------------------------------------

1131.	[support]	TTL 0 is now allowed in zone files.

-----------------------------------------------------------------------
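
For the first three log-message changes above (denied query, ns_resp CNAME, bad referral): a log matcher keyed on the old wording will miss the 8.2.3 lines. The following is an added example, not part of the original post or of BIND; the pattern names and field names are assumptions, and the sample lines are the ones quoted in the post with the mail wrapping rejoined.

```python
import re

# Source address as these BIND 8 lines log it: [a.b.c.d].port
ADDR = r"\[(?P<src>[\d.]+)\]\.(?P<port>\d+)"

# One pattern per message family; the alternation and optional groups cover
# both the pre-8.2.3 and the 8.2.3 wording shown in the post.
PATTERNS = {
    "denied_query": re.compile(
        r"security: notice: (?:unapproved|denied) query from " + ADDR
        + r' for "(?P<name>[^"]+)"'),
    "bad_referral": re.compile(
        r"response-checks: info: bad referral "
        r"\((?P<got>\S+) !< (?P<name>[^\s)]+)\)(?: from " + ADDR + r")?"),
    "ns_cname": re.compile(
        r"ns_resp: query\((?P<name>[^)]+)\) NS points to CNAME "
        r"\((?P<target>[^:)]+):\)"
        r"(?: learnt \(CNAME=(?P<learnt_cname>[\d.]+):NS=(?P<learnt_ns>[\d.]+)\))?"),
}

def parse(line):
    """Return (kind, fields) for a recognised log line, else None."""
    line = " ".join(line.split())      # undo wrapping added by mail or archives
    for kind, rx in PATTERNS.items():
        m = rx.search(line)
        if m:
            return kind, {k: v for k, v in m.groupdict().items() if v is not None}
    return None

# Log lines quoted in the post: old wording first, then 8.2.3, for each family.
SAMPLES = [
    '22-Jan-2001 14:47:37.350 security: notice: unapproved query from '
    '[207.46.106.84].24341 for "100.47.174.132.in-addr.arpa"',
    '29-Jan-2001 20:53:33.193 security: notice: denied query from '
    '[24.7.129.23].4000 for "BRANDISR.oa.oclc.org"',
    '15-Jan-2001 20:26:19.907 response-checks: info: bad referral '
    '(188.207.IN-ADDR.ARPA !< 7.188.207.in-addr.arpa)',
    '30-Jan-2001 10:48:00.883 response-checks: info: bad referral (com !< '
    'CHECKSUNLIMITED.com) from [168.135.129.140].53',
    '15-Jan-2001 22:32:14.661 default: info: ns_resp: query(STIM.TEC.TN.US) NS '
    'points to CNAME (noc.tec.net:)',
    '30-Jan-2001 10:48:45.537 default: info: ns_resp: query(YAHOO.ES) NS points '
    'to CNAME (ns.europe.yahoo.com:) learnt (CNAME=217.12.4.71:NS=137.39.1.3)',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
```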
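
For the SOA gotcha (item 1070) and the suggestion in the quoted message to script the fix: one way to move the leading parenthesis up onto the SOA line across many zone files. This is an added example, not code from the original post or from BIND; the function name and the sample zone are constructed, and it assumes the "(" is the first thing on the line directly after the SOA line and that the SOA line contains no quoted ";".

```python
import re
import shutil
import sys

SOA = re.compile(r"(?:^|\s)SOA\s", re.I)

def fix_soa_paren(text):
    """Move a '(' that opens the line after an SOA line up onto the SOA line.

    Returns (new_text, number_of_records_rewritten). Already-valid zones
    come back unchanged, so the script is safe to run twice.
    """
    lines = text.split("\n")
    fixed = 0
    for i in range(len(lines) - 1):
        code, sep, comment = lines[i].partition(";")   # keep trailing comment
        nxt = lines[i + 1]
        if SOA.search(code) and "(" not in code and nxt.lstrip().startswith("("):
            lines[i] = code.rstrip() + " (" + (" " + sep + comment if sep else "")
            lines[i + 1] = nxt.replace("(", " ", 1)    # keep column alignment
            fixed += 1
    return "\n".join(lines), fixed

# Constructed sample in the layout the post says 8.2.3 rejects.
ZONE = (
    "$TTL 86400\n"
    "@ IN SOA ns.domain.com. snow.domain.com. ; primary, contact\n"
    "\t(    2001012901 ; serial\n"
    "\t     3600 900 604800 86400 )\n"
    "@ IN NS ns.domain.com.\n"
)

if __name__ == "__main__":
    # Usage: python fix_soa.py zonefile [zonefile ...]; a .bak copy is kept.
    for path in sys.argv[1:]:
        with open(path) as fh:
            original = fh.read()
        new, n = fix_soa_paren(original)
        if n:
            shutil.copy2(path, path + ".bak")
            with open(path, "w") as fh:
                fh.write(new)
        print(f"{path}: {n} SOA record(s) rewritten")
```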



