Uzor Ide wrote:

  We have a network that relies on Kerberos, 389-ds, bind and nfs4. I am
currently testing FreeIPA version 2 to see whether we can use it to
consolidate the various configurations into one interface. For the most
part it works great, apart from the obvious areas that have not been
completed yet. However, there are some things that I have noticed.

1.) The DNS server logs a database error every time it accesses LDAP,
even though the query returns okay and the DNS reply is fine.

Here is an excerpt from the log file named.run:

24-Oct-2010 10:32:33.025 edns-disabled: info: success resolving
'www.mailscanner.tv/A' (in 'mailscanner.tv'?) after reducing the
advertised EDNS UDP packet size to 512 octets
24-Oct-2010 10:34:41.137 database: error: querying 'idnsName=wpad,
idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'
24-Oct-2010 10:34:41.140 database: error: querying
'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'
24-Oct-2010 10:34:41.143 database: error: entry count: 1
24-Oct-2010 10:34:41.146 database: error: querying 'idnsName=wpad,
idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'
24-Oct-2010 10:39:43.581 database: error: querying 'idnsName=wpad,
idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'
24-Oct-2010 10:39:43.583 database: error: querying
'idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'
24-Oct-2010 10:39:43.586 database: error: entry count: 1
24-Oct-2010 10:39:43.589 database: error: querying 'idnsName=wpad,
idnsname=uzdomain.ca,cn=dns,dc=uzdomain,dc=ca' with
'(objectClass=idnsRecord)'

  Here is our logging configuration:

// *******************
// Logging definitions
// *******************

// Logging
// named logging setup: four file-backed channels followed by a routing table
// that assigns each logging category to one or more of those channels.
// "versions N size S" on a file channel rolls the file at size S and keeps
// N older copies.
logging {
    // General server log. This is the named.run file the excerpt above was
    // taken from. "severity dynamic" follows the server's current debug level.
    channel "named_log" {
       file "data/log/named.run" versions 5 size 4m;
       severity dynamic;
       print-category yes;
       print-severity yes;
       print-time yes;
    };

    // Destination for the security, dnssec and dispatch categories (see the
    // routing below).
    channel "security_log" {
       file "data/log/security.log" versions 5 size 10m;
       severity dynamic;
       print-category yes;
       print-severity yes;
       print-time yes;
    };

    // Destination for queries, resolver and client messages. Pinned to
    // "severity debug" rather than following the server's debug level, so it
    // is the most verbose channel here and has the largest size limit.
    channel "query_log" {
       file "data/log/query.log" versions 5 size 50m;
       #severity dynamic;
       severity debug;
       print-category yes;
       print-severity yes;
       print-time yes;
    };

    // Destination for zone transfer, notify and dynamic update messages.
    // NOTE(review): unlike the other three channels this one has no
    // "print-time yes;". print-time defaults to no, so entries written here
    // carry no timestamp, which makes transfer and update events hard to
    // correlate with the other logs. Consider adding it.
    channel "transfer_log" {
       file "data/log/transfer.log" versions 5 size 10m;
       severity dynamic;
       print-category yes;
       print-severity yes;
   };

    // Catch-all for every category that has no explicit entry below.
    // "default_syslog" and "default_debug" are BIND's built-in channels; they
    // are not defined in this block.
    // The "database" category seen in the excerpt has no entry of its own, so
    // its "database: error" lines arrive here: in named.run via named_log and
    // in syslog via default_syslog. Presumably one of these is what the
    // monitoring system reads - confirm.
    category "default" {
"named_log";
"default_syslog";
"default_debug";
    };

    category "general" {
"named_log";
    };

   category "queries" {
"query_log";
    };

    // The null channel discards these messages.
    category "lame-servers" {
       null;
    };

    category "security" {
"security_log";
    };

    category "config" {
"named_log";
    };

    category "resolver" {
"query_log";
    };

    category "xfer-in" {
"transfer_log";
    };

    category "xfer-out" {
"transfer_log";
    };

    category "notify" {
"transfer_log";
    };

    category "client" {
"query_log";
    };

    category "network" {
"named_log";
    };

    // Dynamic updates share the transfer log. BIND's separate
    // "update-security" category (approval and denial of update requests) is
    // not routed here, so it falls through to "default".
    category "update" {
"transfer_log";
    };

    category "dnssec" {
"security_log";
    };

  category "dispatch" {
"security_log";
    };
};

This error message keeps triggering our monitoring systems.

This has been fixed in bug https://bugzilla.redhat.com/show_bug.cgi?id=656454. It should show up as bind-dyndb-ldap-0.2.0-1.fc14 in the Fedora updates-testing repo in the next day or so.

rob
