On Thu, 18 Oct 2012, David Dowdle wrote:
Some of my external facing nameservers are under attack, and the biggiest
fallout, is the machines goign into iowait from logging all the client query
denied syslog messages.
note: yes, recursion is turned off on these machines.
The current logging is a very vanilla
logging {
category default { default_syslog; default_debug; };
category lame-servers { null; };
// below 2 lines are for logging EVERY query. this can fill a drive
//channel querylog { file /var/log/named/query.log; print-time
yes; };
//category queries { querylog; };
};
I'd like to keep logging going, for obvious reasns, but need to kill the
'client query (cache) denied' messages
sofar all the google-found 'solutions' are: turn off all logging
Maybe discard all security logging with:
category security { null; };
Or setup a new channel for handling security with a severity of
notice or higher --and then set the category for security to use that
custom channel. (This cache denied logging is at the info level so
shouldn't be logged at notice or higher.)
A custom my_security_channel example is in the ARM documentation
which may provide some hints.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users