Opened 7 years ago

Closed 6 years ago

#2910 closed defect (wontfix)

RESOLVER_QUERY_DROPPED and RESOLVER_QUERY_REJECTED should not be INFO

Reported by: jreed
Owned by:
Priority: medium
Milestone: DNS Outstanding Tasks
Component: resolver
Version:
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DNS
Feature Depending on Ticket:
Estimated Difficulty: 2
Add Hours to Ticket: 0
Total Hours: 0
Internal?: no

Description

By default, RESOLVER_QUERY_DROPPED and RESOLVER_QUERY_REJECTED are INFO level. This can be very noisy. For example, on one abused system, I am getting multiple each second using the same IP and port.

Let's move this from INFO to some DEBUG level.

As part of this ticket, please also document how to log just these specific details when desired. (If that is not possible, please open a new ticket.)

Change History (7)

comment:1 follow-up: Changed 7 years ago by jinmei

BIND 9 seems to log it at the log level:

                        ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
                                      NS_LOGMODULE_QUERY, ISC_LOG_INFO,
                                      "%s denied", msg);

                        ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
                                      NS_LOGMODULE_QUERY, ISC_LOG_INFO,
                                      "query-on denied");

and allow the user to suppress it via the category configuration.

Not necessarily to say we should definitely do the same, but it seems
to suggest that what we should do doesn't seem to be so obvious.

comment:2 in reply to: ↑ 1 Changed 7 years ago by jinmei

Replying to jinmei:

BIND 9 seems to log it at the log level:

I meant "at the info level".

comment:3 Changed 7 years ago by muks

  • Estimated Difficulty changed from 0 to 2

comment:4 Changed 7 years ago by shane

It may make more sense to introduce a rate limit for logging, as discussed at the last BIND face to face meeting.
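
The rate limit suggested in comment 4, sketched as an added example (not BIND 10, BIND 9 or Kea code): it keeps the first few RESOLVER_QUERY_REJECTED or RESOLVER_QUERY_DROPPED lines per client in each window and reports how many were suppressed, so an abusive source stays visible without flooding the log. The class name, the burst and window values and the 192.0.2.1 address are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <utility>
// Hypothetical helper, not BIND 10 or Kea code: rate limit per (message ID, client).
class LogRateLimiter {
public:
    struct Decision { bool emit; std::uint64_t suppressed; };  // suppressed: hidden in the window just ended
    LogRateLimiter(unsigned burst, std::int64_t window_secs)
        : burst_(burst), window_(window_secs) {}
    // `now` (seconds) is passed in so the behaviour is deterministic.
    Decision check(const std::string& msg_id, const std::string& client, std::int64_t now) {
        const Key key(msg_id, client);
        auto it = table_.find(key);
        if (it == table_.end() || now - it->second.start >= window_) {
            // New window: emit, and report what the previous window hid.
            const std::uint64_t dropped = (it == table_.end()) ? 0 : it->second.suppressed;
            table_[key] = State{now, 1, 0};
            return Decision{true, dropped};
        }
        if (it->second.emitted < burst_) { ++it->second.emitted; return Decision{true, 0}; }
        ++it->second.suppressed;  // over budget: count it, do not log it
        return Decision{false, 0};
    }
    // Evict idle keys so spoofed source addresses cannot grow the table forever.
    std::size_t expire(std::int64_t now) {
        std::size_t removed = 0;
        for (auto it = table_.begin(); it != table_.end();) {
            if (now - it->second.start >= window_) { it = table_.erase(it); ++removed; }
            else { ++it; }
        }
        return removed;
    }
private:
    typedef std::pair<std::string, std::string> Key;
    struct State { std::int64_t start; unsigned emitted; std::uint64_t suppressed; };
    unsigned burst_;
    std::int64_t window_;
    std::map<Key, State> table_;
};

int main() {
    LogRateLimiter limiter(2, 10);  // constructed policy: 2 lines per 10 s per key
    for (std::int64_t t = 100; t <= 110; t += 2) {  // constructed burst from one client
        LogRateLimiter::Decision d = limiter.check("RESOLVER_QUERY_REJECTED", "192.0.2.1", t);
        if (d.emit) std::cout << t << " RESOLVER_QUERY_REJECTED 192.0.2.1 (suppressed " << d.suppressed << ")\n";
    }
}
```

A real deployment would also log each evicted key's pending suppressed count before `expire` drops it.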

comment:5 Changed 7 years ago by shane

  • Milestone New Tasks deleted

comment:6 Changed 6 years ago by stephen

  • Milestone set to DNS Outstanding Tasks

comment:7 Changed 6 years ago by tomek

  • Resolution set to wontfix
  • Status changed from new to closed

The DNS and BIND10 framework is outside the scope of the Kea project.
The corresponding code has been removed from the Kea git repository.
If you want to follow up on DNS or former BIND10 issues, see the
http://bundy-dns.de project.

Closing ticket.