Re: [exim-dev] DNSSEC / log spam
On Sat, Jun 30, 2018 at 02:45:31AM -0400, Phil Pennock wrote: > On 2018-06-30 at 00:01 -0400, Viktor Dukhovni via Exim-dev wrote: > > So there is a potential solution, if you're > > willing to change how manage _res.options. > > No. Messing with _res was always dangerous and since NetBSD went and > made incompatible changes, life became hell. OK, but just as a data point, over in Postfix-land we've not had any trouble with _res in the legacy resolver API on any supported platforms. And if you use res_ninit() you get to have your own private resolver state. So it is not clear why Exim would have such troubles. Exim is not multi-threaded IIRC. Anyway, I should not persist, just trying to be helpful, and don't want to be a pest... So no more, unless you have questions. -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] DNSSEC / log spam
On 2018-06-30 at 00:01 -0400, Viktor Dukhovni via Exim-dev wrote: > So there is a potential solution, if you're > willing to change how manage _res.options. No. Messing with _res was always dangerous and since NetBSD went and made incompatible changes, life became hell. If we're going to do anything more sophisticated, or any surgery at all, then my inclination would be to rip out all support for _res and libc DNS handling and go straight to the getdns API. We're past breaking point on any more vendor stupidity in _res. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] DNSSEC / log spam
On Fri, Jun 29, 2018 at 09:54:17PM -0400, Phil Pennock wrote: > On 2018-06-29 at 20:16 -0500, Larry Rosenman via Exim-dev wrote: > > Greetings, > > I have my DNS Zone DNSSEC enabled, but some of my dynamic > > sub-domains are NOT DNSSEC due to HE.net not supporting DNSSEC yet. > > can we suppress/change exim to not spam the logs with: > > > > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked > > for "borg.lerctr.org IN ", got type "RRSIG" > > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked > > for "borg.lerctr.org IN A", got type "RRSIG" > > Those messages are being generated by libc, so although it's from the > Exim process, it's not from the Exim codebase. > > AFAIK there's nothing we can do from our side, as long as going through > that interface. > > I'm guessing that this is a Router using hostname resolution; those all > have options to change how DNS resolution is done, IIRC. Post on > exim-users if you need help reconfiguring, but it should be setting > route_data/route_list to use `bydns`. Of course, there might be a > _reason_ to not do that ... in which case, see if you can get libc built > without DEBUG enabled, or comment out the log-message and recompile > libc. > > On FreeBSD, it's: /usr/src/lib/libc/net/getaddrinfo.c > > -Phil Thanks, I sent a note off to the FreeBSD folks. (I'm a ports committer there). -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: l...@lerctr.org US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 signature.asc Description: PGP signature -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] DNSSEC / log spam
On 2018-06-29 at 20:16 -0500, Larry Rosenman via Exim-dev wrote: > Greetings, > I have my DNS Zone DNSSEC enabled, but some of my dynamic > sub-domains are NOT DNSSEC due to HE.net not supporting DNSSEC yet. > can we suppress/change exim to not spam the logs with: > > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for > "borg.lerctr.org IN ", got type "RRSIG" > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for > "borg.lerctr.org IN A", got type "RRSIG" Those messages are being generated by libc, so although it's from the Exim process, it's not from the Exim codebase. AFAIK there's nothing we can do from our side, as long as going through that interface. I'm guessing that this is a Router using hostname resolution; those all have options to change how DNS resolution is done, IIRC. Post on exim-users if you need help reconfiguring, but it should be setting route_data/route_list to use `bydns`. Of course, there might be a _reason_ to not do that ... in which case, see if you can get libc built without DEBUG enabled, or comment out the log-message and recompile libc. On FreeBSD, it's: /usr/src/lib/libc/net/getaddrinfo.c -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##