debug-level logging for channel security not working

Ulrich David david.ulrich at siesa.ch
Thu Nov 6 07:42:09 UTC 2008 

Hi Mark,

>> 05-Nov-2008 19:36:17.311 security: warning: client 213.221.X.
>> 245#58331: RFC 1918 response from Internet for 21.17.16.172.in- 
>> addr.arpa
>
> 	Read the FAQ answer to:
>
> Q: 	What does "RFC 1918 response from Internet for 0.0.0.10.IN- 
> ADDR.ARPA" mean?

Not a problem, I know what it is.

>> I have set debuging level to 0 :
>> /usr/sbin/named -u named -n 4 -d 0 -t /chroot/dns
>>
>> and my named config file contains :
>>
>> 	channel security {
>> 		syslog local5;
>>      		severity dynamic;
>>    		print-time yes;
>> 		print-severity yes;
>> 		print-category yes;
>> 	};
>>
>> I have tried to put the severity to "error" but the result is the
>> same, I have warnings on security logs...
>
> 	You need to associate the channel with the category for
> 	it to have any effect.  I suggest that you read the logging
> 	section in the ARM.

I need to put more of my named.conf :) ... I have the channels  
associate with category :

         category security { security; };
         category lame-servers { lame-servers; };
         category default { systemlog; };
         category unmatched { systemlog; };

Here is more example of my log which are not dropped  :

Nov  6 08:39:12 cns-server named[11709]: security: warning: client  
213.221.128.213#40442: RFC 1918 response from Internet for  
7.0.16.172.in-addr.arpa
Nov  6 08:39:31 cns-server named[11709]: lame-servers: info: lame  
server resolving 'vizue.com' (in 'vizue.com'?): 213.251.188.140#53
Nov  6 08:39:32 cns-server named[11709]: lame-servers: info:  
unexpected RCODE (REFUSED) resolving 'bluffton.com/MX/IN':  
66.153.203.151#53
Nov  6 08:39:35 cns-server named[11709]: lame-servers: info:  
unexpected RCODE (REFUSED) resolving '56.145.180.59.in-addr.arpa/PTR/ 
IN': 203.94.243.70#53
Nov  6 08:39:35 cns-server named[11709]: lame-servers: info:  
unexpected RCODE (REFUSED) resolving '56.145.180.59.in-addr.arpa/PTR/ 
IN': 203.94.243.70#53
Nov  6 08:39:35 cns-server named[11709]: lame-servers: info:  
unexpected RCODE (SERVFAIL) resolving '69.85.137.85.in-addr.arpa/PTR/ 
IN': 193.0.0.193#53

As I say before, it's warnings and info and I' m on dynamic with debug  
0....

Regards

David


>
>> I add that query log is off.
>>
>> I have the same with the lame-server :
>> 05-Nov-2008 19:36:16.577 lame-servers: info: unexpected RCODE
>> (SERVFAIL) resolving 'host93-139-dynamic.19-87-
>> r.retail.telecomitalia.it/A/IN': 151.99.125.5#53
>> 05-Nov-2008 19:36:16.836 lame-servers: info: lame server resolving
>> '205.24.174.195.in-addr.arpa' (in '24.174.195.in-addr.arpa'?):
>> 62.248.103.11#53
>>
>> which is on severity "dynamic" too.
>>
>> Is it a small bug or miss I something?
>>
>> Regards
>>
>> David
>>
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list