question about blocking specific log entries.
Mark Andrews
Mark_Andrews at isc.org
Thu Oct 16 22:52:28 UTC 2008
One could also just stop blocking the queries.
In message <7C14328A-AAB6-498D-850C-A7C09BA0AB2C at menandmice.com>, Chris Buxton
writes:
> Firstly, with that much traffic, do not log queries to the same log
> file as anything else. Set up logging to send query logs to a
> dedicated query log file.
>
> Secondly, no, you can't log these messages separately from the other
> security category messages. However, you can give whatever channel
> your security category goes to a severity threshold of notice or
> higher; that will stop these. (At least, in my 9.4.2-P2 installation,
> these messages are logged as security/info.)
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Oct 16, 2008, at 10:14 AM, Shawn Somers wrote:
>
> > How do I keep these entries from being logged?
> >
> > -------------------
> > named[27910]: client 10.57.1.229#56074: query
> > '1.0.0.127.dnsbugtest.1.0.0.127.in-addr.arpa/PTR/IN' denied
> > -------------------
> >
> > These appear to be coming from Apple computers, or windows PC's with
> > bonjour installed. and they're annoying, to say the least.
> >
> > With 8K Query's/second, the logs contain very little in the way of
> > actual, useful data.
> >
> > --
> > Shawn Somers
> > Systems Administrator
> > Skynet BroadBand
> >
> >
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list