debug-level logging for channel security not working
Ulrich David
david.ulrich at siesa.ch
Thu Nov 6 07:42:09 UTC 2008
Hi Mark,
>> 05-Nov-2008 19:36:17.311 security: warning: client 213.221.X.
>> 245#58331: RFC 1918 response from Internet for 21.17.16.172.in-
>> addr.arpa
>
> Read the FAQ answer to:
>
> Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-
> ADDR.ARPA" mean?
Not a problem, I know what it is.
>> I have set the debugging level to 0:
>> /usr/sbin/named -u named -n 4 -d 0 -t /chroot/dns
>>
>> and my named config file contains :
>>
>> channel security {
>> syslog local5;
>> severity dynamic;
>> print-time yes;
>> print-severity yes;
>> print-category yes;
>> };
>>
>> I have tried to put the severity to "error" but the result is the
>> same, I have warnings on security logs...
>
> You need to associate the channel with the category for
> it to have any effect. I suggest that you read the logging
> section in the ARM.
I need to put more of my named.conf :) ... I have the channels
associated with categories:

category security { security; };
category lame-servers { lame-servers; };
category default { systemlog; };
category unmatched { systemlog; };

Here are more examples from my log which are not dropped:
Nov 6 08:39:12 cns-server named[11709]: security: warning: client
213.221.128.213#40442: RFC 1918 response from Internet for
7.0.16.172.in-addr.arpa
Nov 6 08:39:31 cns-server named[11709]: lame-servers: info: lame
server resolving 'vizue.com' (in 'vizue.com'?): 213.251.188.140#53
Nov 6 08:39:32 cns-server named[11709]: lame-servers: info:
unexpected RCODE (REFUSED) resolving 'bluffton.com/MX/IN':
66.153.203.151#53
Nov 6 08:39:35 cns-server named[11709]: lame-servers: info:
unexpected RCODE (REFUSED) resolving '56.145.180.59.in-addr.arpa/PTR/
IN': 203.94.243.70#53
Nov 6 08:39:35 cns-server named[11709]: lame-servers: info:
unexpected RCODE (REFUSED) resolving '56.145.180.59.in-addr.arpa/PTR/
IN': 203.94.243.70#53
Nov 6 08:39:35 cns-server named[11709]: lame-servers: info:
unexpected RCODE (SERVFAIL) resolving '69.85.137.85.in-addr.arpa/PTR/
IN': 193.0.0.193#53
As I said before, these are warnings and info, and I'm on dynamic with
debug 0....
Regards
David
>
>> I should add that the query log is off.
>>
>> I have the same with the lame-server :
>> 05-Nov-2008 19:36:16.577 lame-servers: info: unexpected RCODE
>> (SERVFAIL) resolving 'host93-139-dynamic.19-87-
>> r.retail.telecomitalia.it/A/IN': 151.99.125.5#53
>> 05-Nov-2008 19:36:16.836 lame-servers: info: lame server resolving
>> '205.24.174.195.in-addr.arpa' (in '24.174.195.in-addr.arpa'?):
>> 62.248.103.11#53
>>
>> which is on severity "dynamic" too.
>>
>> Is it a small bug or am I missing something?
>>
>> Regards
>>
>> David
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
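
Added example (not part of the original message, and not ISC code): a small Python model of channel severity filtering as the logging section of the BIND ARM documents it, for comparing what a channel is expected to emit with what actually reaches syslog. The numeric ranks, the function names and the two sample lines marked constructed are assumptions of this example; the other two sample lines are taken from the log quoted above.

```python
import re

# Example's own ranks: lower = more severe; debug messages use their debug level.
RANK = {"critical": -5, "error": -4, "warning": -3, "notice": -2, "info": -1}

# Matches syslog lines written with print-category and print-severity enabled.
LINE_RE = re.compile(
    r"named\[\d+\]: (?P<category>[\w-]+): (?P<severity>[a-z]+)(?: (?P<level>\d+))?: ")

def threshold(channel_severity, global_debug):
    """Highest message rank a channel with this severity setting accepts."""
    parts = channel_severity.split()
    if parts[0] == "dynamic":          # follows the server's -d level
        return global_debug
    if parts[0] == "debug":            # "debug" alone means debug level 1
        return int(parts[1]) if len(parts) > 1 else 1
    return RANK[parts[0]]

def passes(channel_severity, global_debug, severity, level=None):
    """True if a message of the given severity is written to the channel."""
    rank = int(level or 1) if severity == "debug" else RANK[severity]
    if rank > 0 and global_debug == 0:
        return False                   # debug output needs debugging mode
    return rank <= threshold(channel_severity, global_debug)

def filter_lines(lines, channels, global_debug):
    """channels maps category name -> severity of the channel it is sent to."""
    kept = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["category"] in channels and passes(
                channels[m["category"]], global_debug, m["severity"], m["level"]):
            kept.append(line)
    return kept

SAMPLE = [
    # First two lines are from the post above, re-joined onto one line each.
    "Nov 6 08:39:12 cns-server named[11709]: security: warning: client "
    "213.221.128.213#40442: RFC 1918 response from Internet for 7.0.16.172.in-addr.arpa",
    "Nov 6 08:39:31 cns-server named[11709]: lame-servers: info: lame server "
    "resolving 'vizue.com' (in 'vizue.com'?): 213.251.188.140#53",
    # Constructed lines, not real log output.
    "Nov 6 08:39:40 cns-server named[11709]: security: debug 1: constructed message",
    "Nov 6 08:39:41 cns-server named[11709]: security: error: constructed message",
]

if __name__ == "__main__":
    for sev in ("dynamic", "warning", "error"):
        chans = {"security": sev, "lame-servers": sev}
        print(sev, len(filter_lines(SAMPLE, chans, global_debug=0)))
```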