Migrating to 8.2.3-REL (log message changes; gotchas; etc.)
O'Neil,Kevin
oneil at oclc.org
Tue Jan 30 18:56:31 UTC 2001
Here are some changes to the log messages that I've noticed so far going to
8.2.3-REL from 8.2.2-p7.
I also note some new functionality and gotchas I (and others) ran into when
doing the conversion. I include a referral to the 8.2.3-REL release
announcement when appropriate.
...Kevin O'Neil
PS Don't forget that there's a list of the log messages with explanations
at
http://www.acmebw.com/askmrdns/bind-messages.htm.
PPS There's also a new book "The Concise Guide to DNS and BIND" by Nicolai
Langfeldt. It also has a list of log messages with explanations.
http://www.mcp.com/que/detail_que.cfm?item=0789722739
-----------------------------------------------------------
940. [clarity] unapproved -> denied in log messages.
pre-8.2.3:
22-Jan-2001 14:47:37.350 security: notice: unapproved query from
[207.46.106.84].24341 for "100.47.174.132.in-addr.arpa"
8.2.3:
29-Jan-2001 20:53:33.193 security: notice: denied query from
[24.7.129.23].4000 for "BRANDISR.oa.oclc.org"
-----------------------------------------------------------
pre-8.2.3:
15-Jan-2001 22:32:14.661 default: info: ns_resp: query(STIM.TEC.TN.US) NS
points to CNAME (noc.tec.net:)
8.2.3:
30-Jan-2001 10:48:45.537 default: info: ns_resp: query(YAHOO.ES) NS points
to CNAME (ns.europe.yahoo.com:) learnt (CNAME=217.12.4.71:NS=137.39.1.3)
------------------------------------------------------------
pre-8.2.3:
15-Jan-2001 20:26:19.907 response-checks: info: bad referral
(188.207.IN-ADDR.ARPA !< 7.188.207.in-addr.arpa)
8.2.3:
30-Jan-2001 10:48:00.883 response-checks: info: bad referral (com !<
CHECKSUNLIMITED.com) from [168.135.129.140].53
-------------------------------------------------------------
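A log-monitoring rule keyed to the old "unapproved query" wording stops matching once a server runs 8.2.3, and the bad-referral message gains a source address. The following is an added example, not part of the original post: a small Python normalizer that accepts both the pre-8.2.3 and 8.2.3 forms. The sample lines are the post's own log lines rejoined onto one line each; the field names in the returned dict are assumptions made for illustration.

```python
import re
from collections import Counter

PREFIX = r'^(?P<ts>\S+ \S+) '                     # e.g. "29-Jan-2001 20:53:33.193 "
PEER = r'\[(?P<ip>[^\]]+)\]\.(?P<port>\d+)'       # e.g. "[24.7.129.23].4000"

# Change 940: "unapproved" (pre-8.2.3) became "denied" (8.2.3).
DENIED_RE = re.compile(
    PREFIX + r'security: notice: (?P<verb>unapproved|denied) query from '
    + PEER + r' for "(?P<name>[^"]*)"$')
# 8.2.3 appends "from [addr].port" to the bad-referral message.
REFERRAL_RE = re.compile(
    PREFIX + r'response-checks: info: bad referral '
    r'\((?P<left>\S+) !< (?P<right>\S+)\)(?: from ' + PEER + r')?$')

def parse_line(line):
    """Return a normalized event dict, or None for lines we do not handle."""
    line = line.strip()
    m = DENIED_RE.match(line)
    if m:
        return {"event": "query_denied", "ts": m["ts"], "wording": m["verb"],
                "src_ip": m["ip"], "src_port": int(m["port"]),
                "name": m["name"].lower()}
    m = REFERRAL_RE.match(line)
    if m:
        # The pre-8.2.3 form carries no peer, so ip and port come back as None.
        return {"event": "bad_referral", "ts": m["ts"], "src_ip": m["ip"],
                "src_port": int(m["port"]) if m["port"] else None,
                "left": m["left"].lower(), "right": m["right"].lower()}
    return None

def denied_sources(lines):
    """Count denied/unapproved queries per source address across both wordings."""
    events = (parse_line(l) for l in lines)
    return Counter(e["src_ip"] for e in events if e and e["event"] == "query_denied")

# Sample input: the log lines quoted in the post, unwrapped.
SAMPLE_LINES = [
    '22-Jan-2001 14:47:37.350 security: notice: unapproved query from [207.46.106.84].24341 for "100.47.174.132.in-addr.arpa"',
    '29-Jan-2001 20:53:33.193 security: notice: denied query from [24.7.129.23].4000 for "BRANDISR.oa.oclc.org"',
    '15-Jan-2001 20:26:19.907 response-checks: info: bad referral (188.207.IN-ADDR.ARPA !< 7.188.207.in-addr.arpa)',
    '30-Jan-2001 10:48:00.883 response-checks: info: bad referral (com !< CHECKSUNLIMITED.com) from [168.135.129.140].53',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line))
```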
998. [support] show version number in NOTIFY log messages.
pre-8.2.3
15-Jan-2001 19:46:02.562 notify: info: Sent NOTIFY for
"11.174.132.in-addr.arpa IN SOA" (11.174.132.in-addr.arpa); 4 NS, 4 A
8.2.3:
29-Jan-2001 18:58:00.552 notify: info: Sent NOTIFY for "dublincore.org IN
SOA 200101040" (dublincore.org); 4 NS, 4 A
--------------------------------------------------------------------
943. [bug] raise CNAME and OTHER / multiple CNAME logging to
warning.
----------------------------------------------------------------------
************************ GOTCHA **************************
924. [port] sunos solaris: #define NEED_SECURE_DIRECTORY to
secure the directory containing unix domain socket
rather than the socket itself.
Directory changed from /usr/local/etc to /usr/local/etc/ndc.d on Solaris
platforms.
// socket for ndc to access bind
controls {
    // unix "/usr/local/etc/ndc" perm 0600 owner 0 group 0;
    unix "/usr/local/etc/ndc.d/ndc" perm 0600 owner 0 group 0;
};
----------------------------------------------------------------------
976. [bug] some stats weren't getting incremented, & added a
few.
pre-8.2.3:
29-Jan-2001 17:57:04.235 statistics: info: NSTATS 980809024 979606623 0=143
A=5044758 NS=43 SOA=2895 PTR=1203904 MX=419879 X25=56 AAAA=135453 LOC=144
SRV=22311 ANY=1244120
29-Jan-2001 17:57:04.236 statistics: info: XSTATS 980809024 979606623
RR=1622930 RNXD=101697 RFwdR=1081274 RDupR=6468 RFail=10490 RFErr=0
RErr=1067 RAXFR=0 RLame=38690 ROpts=0 SSysQ=415686 SAns=7109412 SFwdQ=988328
SDupQ=478438 SErr=0 RQ=8073706 RIQ=0 RFwdQ=0 RDupQ=28798 RTCP=3172
SFwdR=1081274 SFail=350 SFErr=0 SNaAns=2085862 SNXD=2939907
8.2.3:
30-Jan-2001 12:47:47.179 statistics: info: NSTATS 980876867 980812070 0=2
A=433370 NS=2 SOA=167 PTR=59340 MX=36746 AAAA=8246 SRV=1238 ANY=61336
30-Jan-2001 12:47:47.180 statistics: info: XSTATS 980876867 980812070
RR=105709 RNXD=7710 RFwdR=71771 RDupR=672 RFail=616 RFErr=0 RErr=37 RAXFR=0
RLame=2314 ROpts=0 SSysQ=25614 SAns=593331 SFwdQ=61740 SDupQ=22793 SErr=0
RQ=600447 RIQ=0 RFwdQ=61740 RDupQ=811 RTCP=96 SFwdR=71771 SFail=6 SFErr=0
SNaAns=295561 SNXD=152330 RUQ=1 RURQ=0 RUXFR=0 RUUpd=0
----------------------------------------------------------------------
983. [support] "notify from non-master server" is now debug, not
info.
----------------------------------------------------------------------
****************** GOTCHA ****************************
1070. [bug] We were accepting non syntactically valid SOA
records.
From James Snow [snow at teardrop.org], posted to the mailing list with the
subject line "8.2.2 -> 8.2.3 Zone File Problems":
In response to the latest BIND8 vulnerability I upgraded my nameservers
from 8.2.2 (p5, I think) to 8.2.3 and my zone files were all rejected.
The cause of this was the positioning of the leading parenthesis after
the SOA line. For example:
@ IN SOA ns.domain.com. snow.domain.com.
( 2001012901
... )
This was rejected. I had to move the leading parenthesis up one line to
get them working again:
@ IN SOA ns.domain.com. snow.domain.com. (
2001012901
... )
I don't have a preference for either one but I am curious to know if
there is a reason for this. (Other than just an oddity in parsing the
zone file.)
I have relatively few zone files to deal with so this was trivial to fix
by hand. If you have more than a few you'll probably want to script a
fix for this before you update.
-Snow
----------------------------------------------------------------------
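The quoted message suggests scripting a fix before upgrading. The following is an added example, not part of the original post or of BIND: a Python pre-upgrade check that finds SOA records whose opening parenthesis starts the following line (the layout reported as rejected above) and moves it up onto the SOA line. The function names and the sample zone, including its timer values, are constructed for illustration; it assumes `;` only ever starts a comment on the lines it inspects.

```python
import re

SOA_TOKEN = re.compile(r'(^|\s)SOA(\s|$)', re.IGNORECASE)

def split_comment(line):
    """Split a zone-file line into (data, comment); ';' starts the comment."""
    data, sep, comment = line.partition(';')
    return data, sep + comment

def find_split_soa(text):
    """Return [(soa_line, paren_line)], 1-based, where '(' opens the line after SOA."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        data, _ = split_comment(line)
        if not SOA_TOKEN.search(data) or '(' in data:
            continue                      # not an SOA line, or '(' already on it
        # Inspect the next line that carries data (skip blank/comment-only lines).
        for j in range(i + 1, len(lines)):
            nxt = split_comment(lines[j])[0]
            if nxt.strip():
                if nxt.lstrip().startswith('('):
                    hits.append((i + 1, j + 1))
                break
    return hits

def fix_split_soa(text):
    """Move the leading '(' up to the end of the SOA line; other lines are untouched."""
    lines = text.splitlines()
    for soa_no, paren_no in find_split_soa(text):
        data, comment = split_comment(lines[soa_no - 1])
        lines[soa_no - 1] = data.rstrip() + ' (' + (' ' + comment if comment else '')
        # Blank out the first '(' on the continuation line, keeping column alignment.
        lines[paren_no - 1] = lines[paren_no - 1].replace('(', ' ', 1)
    return '\n'.join(lines) + '\n'

# Constructed sample zone in the layout the message describes as rejected.
BROKEN_ZONE = """\
$TTL 86400
@ IN SOA ns.domain.com. snow.domain.com.
        ( 2001012901 ; serial
          3600 900 604800 86400 )
@ IN NS ns.domain.com.
"""

if __name__ == "__main__":
    print(find_split_soa(BROKEN_ZONE))
    print(fix_split_soa(BROKEN_ZONE))
```

Run the finder over every zone file first and review the hits; apply the rewrite to copies and load them on a test server before replacing the live files.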
1107. [func] allow the default syslog facility to be set by
adding -DISC_FACILITY=<value> to CDEBUG in
Makefile.set.
----------------------------------------------------------------------
1106. [func] host statistics can now be cleared after they are
dumped. Use "ndc stats clear".
ndc> help
(builtin) start - start the server
(builtin) restart - stop server if any, start a new one
getpid
status
stop
exec
reload [zone] ...
reconfig [-noexpired] (just sees new/gone zones)
dumpdb
stats [clear]
trace [level]
notrace
querylog
qrylog
help
quit
------------------------------------------------------------------------
1105. [func] host-statistics-max can be used to set a upper bound
on the number hosts we collect statistics against.
----------------------------------------------------------------------
1113. [support] show config file name and age in "ndc status"
1112. [support] "ndc status" no longer mentions loading of config.
ndc> status
config (/usr/local/etc/named.conf) last loaded at age: Mon Jan 29 18:32:18
2001
number of zones allocated: 192
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
-----------------------------------------------------------------------
1131. [support] TTL 0 is now allowed in zone files.
-----------------------------------------------------------------------