Seeing too many console messages in 9.3.0

Mark Andrews Mark_Andrews at isc.org
Tue Nov 23 23:41:16 UTC 2004


> Greetings. I'm kinda shocked that this isn't in the FAQ, and 
> unfortunately the archives are not searchable right now (MARC dies 
> with an error). Soooooo...
> 
> In switching from BIND 9.2.x to 9.3, I now see a zillion messages on 
> the console and in /var/log/messages that say:
> 
> Nov 23 15:07:43 ns named[1777]: update-security: error: client 
> 148.235.74.53#20612: update 'proper.com/IN' denied
> 
> I am using the exact same named.conf I was using in 9.2.x. The 
> relevant part is:
> 
> options {
>      directory "/etc/namedb";
>          notify yes;
>          pid-file        "/var/run/named/pid";
>          dump-file       "/var/dump/named_dump.db";
>          statistics-file "/var/stats/named.stats";
> };
> 
> logging {
>          channel my_syslog {
>                  syslog daemon; severity warning;
>                  print-category yes; print-severity yes;
>          };
>          category general {my_syslog;};
>          category default {my_syslog;};
>          category notify {my_syslog;};
>          category xfer-in {my_syslog;};
>          category xfer-out {my_syslog;};
>          category lame-servers {null;};
>          category update {null;};
>          category security {null;};
> };
> 
> What magic do I need to get the silly warnings off the console and 
> out of syslog????? I still want normal errors (like me fat-fingering 
> something in the db.foo files) to appear in syslog.
> 
> Also, what changed between 9.2.x and 9.3.0 to make them appear?
> 
> 
	The log message is telling you what you need to change.

		category update-security { null; };

	You may want to change where security goes to now that
	update-security is a seperate category.  Note you really
	should just fix the clients to not make update requests
	if you don't want them.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list