too much activity

Danny Mayer mayer at gis.net
Tue Aug 10 15:27:32 UTC 2004


At 02:47 AM 8/10/2004, phn at icke-reklam.ipsec.nu wrote:
>Markus Plannerer <mp at no.erpa.spam.de> wrote:
> > Hello,
>
> > we have updated from BIND8 to BIND9 and in the new
> > named.conf logging is enabled by:
> > logging {
> >       channel query_logging {
> >               file "/var/log/named_querylog"
> >                       versions 3 size 100M;
> >               print-time yes;                 // timestamp log entries
> >       };
> >       category queries {
> >               query_logging;
> >       };
> >       category lame-servers { null; };
> > };
>
> > Now there is every second a entry in the log like:
> > Aug 09 20:05:17.017 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:18.028 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:19.027 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > Aug 09 20:05:20.038 client 127.0.0.1#32844: query:
> > 130.15.227.212.in-addr.arpa IN PTR
> > and so on and so ...

Some application on the local system is trying to look up a reverse
address and appears to be ignoring the response. Use lsof to find
out what's running on port 32844.


> > Can anybody give me a hint?
>
>You have querylogging turned on. The reason is that whenever you mention
>"query-loggin" in the logging section it's assumed to be tunred on.
>
>The straightforward mechanism ought to be an new options-statement=20
>"query-log {on | off}"
>( isc are you listening ?)

It's off by default unless you specify a queries category for logging.
use rndc querylog to turn it on/off.

Danny

> > Thanks Markus
>
>
>
>--
>Peter H=E5kanson
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
>            remove "icke-reklam" if you feel for mailing me. Thanx.



More information about the bind-users mailing list