dynamic updates category

Pete Ehlke pde at ehlke.net
Wed Jun 12 12:33:39 UTC 2002

On Wed, Jun 12, 2002 at 03:43:13PM +1000, Mark_Andrews at isc.org wrote:
> > Mark, thanks for the suggestion.  However, to stop those clients, I need
> > to find out who they are first.
> 	Well that is logged.
> > I have thousands of computers on the
> > network with people who like experimenting with their work PC's.  While
> > I'm not in the business of being a network cop, I need to generate a
> > report of dynamic updates for people who are in that business.  Instead
> > of clobbering the syslog, I decided to utilize a feature that BIND
> > offers, namely the update category. I'd like to have a separate channel
> > for these updates and I can't get it to work, for unknown to me reason.
> > So, the question still stands.
> 	You know the category to which it is logged.  You can always
> 	redirect that category.
Again we see someone frustrated by the fact that failed updates are
classed as a securety event, and logged with all other security event.
Several folks have argued here that the logging of failed updates, while
documented, is confusing and counterintuitive. In particular, the fact
that there is an 'update' category, described in the manual as logging
dynamic update events, that does not catch *failed* update evenets seems
to trip up an awful lot of people. Is the actual behaviour documented?
Sure. Is it confusing? Yes.

In April, on the NANOG list, Paul stated in plain English that "if there
was demand, ISC would make a specific category called 'failed-updates'".
It would seem that there is demand. Yet the last time this question was
brought up here, the silence from the ISC and from nominum was
deafening. So... What is the ISC's official position on this? Does the
ISC consider that there is no demand? Was Paul blowing smoke? Has noone
made an Officially Blessed Feature Request?


More information about the bind-users mailing list