Your message dated Sat, 16 Aug 2025 13:13:55 +0100
with message-id 
<CAJ3BuoT2GqD1zH05Sg=yosqpp9cde05-16ctdru922kf69e...@mail.gmail.com>
and subject line Re: logcheck-database: bind: "updating zone...PTR" and 
"signer...approved"
has caused the Debian Bug report #687990,
regarding bind rules - updating zone
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
687990: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687990
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.15
Severity: wishlist
Tags: patch

*** Please type your report below this line ***

In /etc/logcheck/ignore.d.server/bind

(1) please change

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
(adding an RR|deleting rrset) at '[._[:alnum:]-]+' A$

to

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
(adding an RR|deleting rrset) at '[._[:alnum:]-]+' (A|PTR)$

(please note (A|PTR) instead of A only at the end of the line)

(2) please add

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
[.:[:xdigit:]]+#[[:digit:]]+: signer "[-._[:alnum:]]+" approved$


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information

--- End Message ---
--- Begin Message ---
On Fri, 31 May 2024 23:50:55 +0100 Richard Lewis
<[email protected]> wrote:
> On Tue, 18 Sep 2012 06:00:06 +0200 Paul Muster <[email protected]> 
> wrote:

> > > (1) please change
> > >
> > > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
> > > [.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
> > > (adding an RR|deleting rrset) at '[._[:alnum:]-]+' A$
> > >
> > > to
> > >
> > > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
> > > [.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
> > > (adding an RR|deleting rrset|deleting an RR) at '[._[:alnum:]-]+' 
> > > (A|PTR|TXT)$
>
>
> It's a shame no-one replied to this bug from 2012.
>
> I suspect these no longer match anything, but more broadly: I;m not
> sure logcheck should be filtering messages related to zone transfers
> by default: that seems like quite a niche/advanced/worrying situation
> -- for most people using bind i think you'd want to know if someone
> was transferring or updating your zones - i certainly would not want
> these filtered.
>
> Nothing to stop people with advanced configurations adding local rules
> of course, but the defaults should be conservative here. So am tempted
> to close/wontfix this one.
>
> However, if anyone is watching this bug and takes a diffferent view
> please reply
> as this is worth a discussion (and im going through bind rules currently)

A year later, closing on the basis that no-one is arguing for a change
to the rules any more. If there is an issue in bind rules, please open
a new bug with the details

--- End Message ---

Reply via email to