How to prevent BIND from resolving addresses in logs
I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... In my other servers which are running the redhat packaged version of BIND (9.8.2), my query logs look like: 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ... The logging section of the configuration looks like: channel query_log { file /var/log/queries/query-log versions 100 size 1m; print-time yes; }; category queries { query_log; }; I'm sure there's something completely obvious that I've missed. How do I stop BIND from resolving these addresses and just including the IP address in the log file? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
On 27/09/12 21:08, Spumonti Spumonti wrote: I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... In my other servers which are running the redhat packaged version of BIND (9.8.2), my query logs look like: 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ... To me this looks like a questionabout what IP is valid for www.amazon.com and the question was asked from 192.168.5.30. So www.amazon.com IS the original question, so what you ask is to have the answer in the log? The logging section of the configuration looks like: channel query_log { file /var/log/queries/query-log versions 100 size 1m; print-time yes; }; category queries { query_log; }; I'm sure there's something completely obvious that I've missed. How do I stop BIND from resolving these addresses and just including the IP address in the log file? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
On Thu, 27 Sep 2012, Spumonti Spumonti wrote: I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... That is: 2570. [func] Log the destination address the query was sent to. [RT #19209] In my other servers which are running the redhat packaged version of BIND (9.8.2), my query logs look like: 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ... I'm sure there's something completely obvious that I've missed. How do I stop BIND from resolving these addresses and just including the IP address in the log file? That feature isn't offered. Is it inconvenient to know where the query was sent to? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
On 09/27/2012 12:11 PM, Jeremy C. Reed wrote: On Thu, 27 Sep 2012, Spumonti Spumonti wrote: I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... That is: 2570. [func] Log the destination address the query was sent to. [RT #19209] In my other servers which are running the redhat packaged version of BIND (9.8.2), my query logs look like: 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ... I'm sure there's something completely obvious that I've missed. How do I stop BIND from resolving these addresses and just including the IP address in the log file? That feature isn't offered. Is it inconvenient to know where the query was sent to? Query logging is already an intensive operation, so not adding extra cycles by default is a good thing. At least there should be a knob to turn it off. ... and not to impugn the fine ISC devs, but that is a pretty basic element of software design. No matter how cool *you* think your new feature is, there will always be users who don't like it, and want to turn it off. :) So a knob should be provided. The longer the feature you are modifying has been around, the larger the number of users who will want to do so. For query logging in particular I can see a non-trivial number of users who have scripts or other tools to parse the log, so having the format change in 9.9 would be a POLA issue. hth, Doug ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
Wow, do I feel like an idiot ... there's dumb and then there's the message I sent in. I just took a quick look and *ASSUMED* the name in parentheses after the client IP address was the hostname of the IP address. Nope. Looking at another line from the log and actually READING it I see this is not the case: 27-Sep-2012 17:17:00.236 client 192.168.5.69#5965 (mail.schnauzerproblems.com): query: mail.schnauzerproblems.com IN A + I am ashamed. --- On Thu, 9/27/12, Jeremy C. Reed jr...@isc.org wrote: From: Jeremy C. Reed jr...@isc.org Subject: Re: How to prevent BIND from resolving addresses in logs To: Spumonti Spumonti spumo...@yahoo.com Cc: bind-users@lists.isc.org Date: Thursday, September 27, 2012, 5:11 PM On Thu, 27 Sep 2012, Spumonti Spumonti wrote: I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... That is: 2570. [func] Log the destination address the query was sent to. [RT #19209] In my other servers which are running the redhat packaged version of BIND (9.8.2), my query logs look like: 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ... I'm sure there's something completely obvious that I've missed. How do I stop BIND from resolving these addresses and just including the IP address in the log file? That feature isn't offered. Is it inconvenient to know where the query was sent to? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
On 09/27/2012 12:44 PM, Spumonti Spumonti wrote: Wow, do I feel like an idiot ... ... and I feel even more so because I didn't double-check for myself. :) Doug ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to prevent BIND from resolving addresses in logs
In message 1348772894.42110.yahoomailclas...@web126006.mail.ne1.yahoo.com, Spumonti Spumonti writes: I just installed BIND 9.9.1-P3 from source and while looking through the query log files I noticed that IP addresses were being resolved: 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com): query: www.ibm.com ... No. They are not being resolved. If you had left the log message along you would have seen that it was the qname being logged which in the case of the query entry is redundant but for all other client log messages it is useful. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users