Logging my own lame delegations

Doug Barton DougB at DougBarton.net
Mon Feb 11 09:27:19 UTC 2002


On Sun, 10 Feb 2002, Doug Barton wrote:

>
> 	For a variety of reasons, I sometimes discover names that have
> been delegated to my many name servers which I was not aware of. Most
> often this happens because rogue users just put my name servers in their
> applications, and most registrars don't check to see if the names are set
> up there.
>
> 	What I'd like to do is somehow log when I get a request for a
> domain that I'm not authoritative for.

	Ok, I took a look at the code and unless I'm missing something,
this is actually a lot easier than I thought it would be. Adding a new
logging category seems to be really easy (just two lines) and I'm pretty
sure that I found the right place in the code to log the NXDOMAIN/NOERROR
answers that I want to log. At least, it works when I test it.

	As an added attraction, since it was so easy to add a new logging
category, I added one for denied dynamic updates. With all those
misconfigured Windows clients out there, and the question coming up so
often around here, I thought a category for this message seemed
reasonable. I know this is something _I_ want anyway.

	I'd really like some peer review on these small patches, since
this is my first shot at hacking BIND code, and C isn't my "native
language," so to speak. So much the better if someone from ISC/Nominum
wants to take up the banner for these patches... I'll be happy to go
through the official feature request process if I have some assurance that
I'm on the right track.

Enjoy,

Doug
-- 
   "We have known freedom's price. We have shown freedom's power.
      And in this great conflict, ...  we will see freedom's victory."
	- George W. Bush, President of the United States
          State of the Union, January 28, 2002

         Do YOU Yahoo!?



-- Attached file included as plaintext by Ecartis --
-- File: named-logging.diff

diff -ur ../../../src-clean/bin/named/ns_defs.h ./ns_defs.h
--- ../../../src-clean/bin/named/ns_defs.h	Mon Jan 28 19:59:35 2002
+++ ./ns_defs.h	Mon Feb 11 01:06:34 2002
@@ -880,6 +880,9 @@
 	ns_log_maint,
 	ns_log_load,
 	ns_log_resp_checks,
+	ns_log_my_noanswer,
+	ns_log_my_nxdomain,
+	ns_log_denied_updates,
 	ns_log_control,
 	ns_log_max_category
 } ns_logging_categories;
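
Review bot: inserting the three new values between ns_log_resp_checks and ns_log_control changes the numeric value of ns_log_control. If nothing depends on the existing ordering this is harmless, but adding the new entries directly before ns_log_max_category would leave every existing value unchanged. The names ns_log_my_noanswer and ns_log_my_nxdomain also do not say what is being logged; a name that describes the event (an empty or NXDOMAIN answer) would read better than the "my" prefix.
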
diff -ur ../../../src-clean/bin/named/ns_glob.h ./ns_glob.h
--- ../../../src-clean/bin/named/ns_glob.h	Mon Nov 12 13:22:26 2001
+++ ./ns_glob.h	Mon Feb 11 01:07:03 2002
@@ -308,6 +308,9 @@
 	{ ns_log_maint,		"maintenance" },
 	{ ns_log_load,		"load" },
 	{ ns_log_resp_checks,	"response-checks" },
+	{ ns_log_my_noanswer,	"my-noanswer" },
+	{ ns_log_my_nxdomain,	"my-nxdomain" },
+	{ ns_log_denied_updates, "denied-updates" },
 	{ ns_log_control,	"control" },
 	{ 0,			NULL }
 }
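
Review bot: the strings "my-noanswer", "my-nxdomain" and "denied-updates" added to this table are the names an operator would see for the new categories, and the patch touches no documentation. Please add a description of each category alongside the existing ones, and keep the order of these entries in step with the enum in ns_defs.h, as the patch currently does.
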
diff -ur ../../../src-clean/bin/named/ns_req.c ./ns_req.c
--- ../../../src-clean/bin/named/ns_req.c	Thu Jan 31 16:05:36 2002
+++ ./ns_req.c	Mon Feb 11 01:13:31 2002
@@ -1501,6 +1501,13 @@
 			hp->rcode = ns_r_nxdomain;
 		ns_debug(ns_log_default, 3, "req: leaving (%s, rcode %d)",
 			 dname, hp->rcode);
+
+		/* I want to log NXDOMAIN & ancount == 0 */
+		if (hp->ancount == 0)
+			ns_debug(ns_log_my_nxdomain, 0,
+				"req: returned NXDOMAIN, no answer for %s",
+				*dname ? dname : ".");
+
 		if (class != C_ANY) {
 			hp->aa = 1;
 			if (np && (!foundname || !founddata)) {
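
Review bot: the condition at the new `if (hp->ancount == 0)` does not match its comment or its message. The comment says "NXDOMAIN & ancount == 0" and the text logged is "returned NXDOMAIN", but only ancount is tested, and the `hp->rcode = ns_r_nxdomain;` line just above is indented as the body of a conditional, so rcode is not necessarily NXDOMAIN here. Testing `hp->rcode == ns_r_nxdomain` as well, or wording the message so it does not claim an rcode, would fix that. Also consider whether ns_debug at level 0 is the intended call for something meant to be seen in normal operation; the update hunk in this patch uses ns_notice.
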
@@ -1556,6 +1563,12 @@
 			  sin_ntoa(from), *dname ? dname : ".", p_class(class));
 		nameserIncr(from.sin_addr, nssRcvdURQ);
 	}
+
+	/* I want to log NOERROR & ancount == 0 */
+	if ((hp->rcode == NOERROR) && (hp->ancount == 0))
+		ns_debug(ns_log_my_noanswer, 0,
+			"req: returned NOERROR, no answer for %s",
+			*dname ? dname : ".");
 
 	/*
 	 *  If we successfully found the answer in the cache,
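
Review bot: check the placement of the new `if ((hp->rcode == NOERROR) && (hp->ancount == 0))` test. The context comment that follows it ("If we successfully found the answer in the cache,") suggests answer handling continues after this point, so please confirm that hp->rcode and hp->ancount already hold their final values here; otherwise the message "returned NOERROR, no answer" could be logged for requests that go on to get an answer. For consistency with the first ns_req.c hunk, which uses ns_r_nxdomain, ns_r_noerror would be the matching constant in place of NOERROR.
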
diff -ur ../../../src-clean/bin/named/ns_update.c ./ns_update.c
--- ../../../src-clean/bin/named/ns_update.c	Wed Jan  2 16:25:02 2002
+++ ./ns_update.c	Mon Feb 11 01:09:00 2002
@@ -1211,7 +1211,7 @@
 	 */
 
 	if (!ip_addr_or_key_allowed(zp->z_update_acl, from.sin_addr, in_key)) {
-		ns_notice(ns_log_security,
+		ns_notice(ns_log_denied_updates,
 			  "denied update from %s for \"%s\" %s",
 			  sin_ntoa(from), *dname ? dname : ".", p_class(class));
 		nameserIncr(from.sin_addr, nssRcvdUUpd);
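
Review bot: switching the category on the ns_notice call from ns_log_security to ns_log_denied_updates moves the "denied update from" message out of the security category, so a configuration that routes only that category to a channel will stop recording denied updates once this is applied. That is a behaviour change for existing installations and should be called out in the change notes, or the default routing for the new category should be chosen so the message still reaches the same place.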


