On Thu, 18 Oct 2012, David Dowdle wrote:

> Some of my external facing nameservers are under attack, and the biggest
> fallout, is the machines going into iowait from logging all the client query
> denied syslog messages.
>
> note: yes, recursion is turned off on these machines.
>
> The current logging is a very vanilla
>
> logging {
>   category default { default_syslog; default_debug; };
>   category lame-servers { null; };
>   // below 2 lines are for logging EVERY query. this can fill a drive
>   //channel "querylog" { file "/var/log/named/query.log"; print-time yes; };
>   //category queries { querylog; };
> };
>
> I'd like to keep logging going, for obvious reasons, but need to kill the
> 'client query (cache) denied' messages
>
> so far all the google-found 'solutions' are: turn off all logging

Maybe discard all security logging with:

category security { null; };

Or set up a new channel for handling security with a "severity" of
"notice" or higher -- and then set the category for security to use that
custom channel. (This cache denied logging is at the "info" level so
shouldn't be logged at notice or higher.) A custom my_security_channel
example is in the ARM documentation which may provide some hints.
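
The custom-channel approach suggested in the reply, written out as an added example (not part of the original message and not copied from the ARM). It keeps the poster's existing categories and routes only the security category through a syslog channel that drops anything below "notice". The channel name is the one mentioned in the reply; the "daemon" facility is an assumption chosen to match BIND's built-in default_syslog channel.

```conf
logging {
    // Same destination as the built-in default_syslog channel
    // (syslog daemon; severity info;), but with the threshold raised
    // so that info-level messages are discarded before they reach syslog.
    channel my_security_channel {
        syslog daemon;      // assumption: same facility as default_syslog
        severity notice;    // info-level "query (cache) ... denied" lines fall below this
    };

    // Unchanged from the original configuration.
    category default { default_syslog; default_debug; };
    category lame-servers { null; };

    // Only the security category is redirected. Listing a category
    // explicitly replaces the default channels for that category, so
    // default_syslog is deliberately NOT listed here; adding it back
    // would reintroduce the info-level denied messages.
    category security { my_security_channel; };
};
```

Run named-checkconf against the file before reloading named. Security messages at notice and above still reach syslog, unlike with "category security { null; };".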