DNS Flag signification in Syslog

Mik J mikydevel at yahoo.fr
Fri Aug 18 13:06:59 UTC 2017


Thank you very much Mark for your quick answer
 

    On Friday, 18 August 2017 at 13:46, Mark Andrews <marka at isc.org> wrote:
 

 
In message <1744062904.346000.1503053675995 at mail.yahoo.com>, Mik J via bind-users writes:
> Hello,
> Do you know where I can find the signification of DNS syslog messages ?

In the Administrators Reference Manual

https://ftp.isc.org/isc/bind9/9.11.2/doc/arm/Bv9ARM.pdf

Search for querylog

> client x.x.x.x#64111 (webmail.google.NET): query: webmail.google.NET IN AAAA + (y.y.y.y)
> => I'm looking for the signification of the +
> client z.z.z.z#39953 (www.mydomain.org): query: www.mydomain.org IN A -ED (y.y.y.y)
> => I'm looking for the signification of the -EC
> Thank you

The query log entry first reports a client object identifier in
@0x<hexadecimal-number> format. Next, it reports the client’s IP
address and port number, and the query name, class and type. Next,
it reports whether the Recursion Desired flag was set (+ if set, -
if not set), if the query was signed (S), EDNS was in use along
with the EDNS version number (E(#)), if TCP was used (T), if DO
(DNSSEC Ok) was set (D), if CD (Checking Disabled) was set (C), if
a valid DNS Server COOKIE was received (V), or if a DNS COOKIE
option without a valid Server COOKIE was present (K). After this
the destination address the query was sent to is reported.

client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE
client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE

(The first part of this log message, showing the client address/port
number and query name, is repeated in all subsequent log messages
related to the same query.)

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                INTERNET: marka at isc.org
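
The flag field described in the manual excerpt above can be decoded mechanically when reviewing query logs. The following is an added example, not part of the original thread and not ISC code: the function name `parse_query_log`, the dictionary keys and the second sample line are assumptions made for illustration, and `E` is accepted with or without a version number because both forms appear in this thread.

```python
import re

# Flag letters and meanings as listed in the manual text quoted above.
FLAG_NAMES = {
    "S": "signed", "T": "tcp", "D": "dnssec_ok", "C": "checking_disabled",
    "V": "valid_server_cookie", "K": "cookie_without_valid_server_cookie",
}
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<addr>[^\s#]+)#(?P<port>\d+) "
    r"\((?P<ctx>[^)]*)\): query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[+-]\S*)(?: \((?P<dest>[^)]+)\))?"
)
FLAG_RE = re.compile(r"E(?:\((\d+)\))?|[STDCVK]")

def parse_query_log(line):
    """Decode one querylog entry into a dict; return None if it does not match."""
    m = LINE_RE.search(line)  # search() tolerates a syslog prefix before "client"
    if m is None:
        return None
    entry = m.groupdict()
    entry["port"] = int(entry["port"])
    flags = entry.pop("flags")
    entry["recursion_desired"] = flags[0] == "+"  # "+" set, "-" not set
    entry.update({name: False for name in FLAG_NAMES.values()})
    entry["edns"], entry["edns_version"] = False, None
    for fm in FLAG_RE.finditer(flags[1:]):
        if fm.group(0).startswith("E"):
            entry["edns"] = True
            if fm.group(1) is not None:
                entry["edns_version"] = int(fm.group(1))
        else:
            entry[FLAG_NAMES[fm.group(0)]] = True
    # Letters this table does not know are kept for the analyst, not dropped.
    entry["unknown_flags"] = FLAG_RE.sub("", flags[1:])
    return entry

# First line is the manual's example; the second is constructed for this example.
SAMPLES = [
    "client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE",
    "client @0x7f0000000000 192.0.2.10#39953 (www.example.org): "
    "query: www.example.org IN A -E(0)DC (192.0.2.53)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_query_log(sample))
```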


   