Understanding logging.
Lars-Johan Liman
liman at autonomica.se
Wed Sep 22 13:36:25 UTC 2004
jim at rfc1035.com:
>>>>>> "Geir" == Geir Wettland <Geir.Wettland at runit.no> writes:
> Geir> What does the + the - and the E at the end of the lines
> Geir> mean? I've started to notice them after I upgraded from
> Geir> 9.2.x to 9.3.0rc3.
> The + and - indicate whether the RA (Recursion Available) bit was or
> wasn't set in the query. If it's set, the query probably came from a
> name server that is saying it can do recursion and would be happy to
> get a referral response. If it's not set -- indicated by the minus
> sign -- the query probably comes from a stub resolver that expects the
> name server to perform the resolution. EDNS0 queries are indicated by
> the letter E in the logs.
Jim, are you QUITE sure? I'd say that '+' indicates that the RD
(recursion DESIRED) bit was set (and '-' = not set) in THE INCOMING
QUERY. The RA bit is extremely seldom set in a query. Remeber that
what we're looking at is the query log from "named", not "dig" output.
E is for "query had EDNS options", yes.
There can also be an S, which means that the query was signed with TSIG.
Then again, we'll soon have Mark here stating the TRUTH(TM). :-)
Cheers,
/Liman
#----------------------------------------------------------------------
# Lars-Johan Liman, M.Sc. ! E-mail: liman at autonomica.se
# Senior Systems Specialist ! HTTP : //www.autonomica.se/
# Autonomica AB, Stockholm ! Voice : +46 8 - 615 85 72
#----------------------------------------------------------------------
More information about the bind-users
mailing list