Disable log message

David Miller dmiller at tiggee.com
Sat Oct 20 04:34:29 UTC 2012



On 10/19/2012 11:57 PM, Chris Buxton wrote:
> On Oct 19, 2012, at 6:22 PM, Warren Kumari wrote:
>> On Oct 19, 2012, at 9:17 PM, "Michael Hoskins (michoski)" <michoski at cisco.com> wrote:
>>> -----Original Message-----
>>>> On Oct 19, 2012, at 6:13 PM, Alan Clegg <alan at clegg.com> wrote:
>>>>
>>>>>
>>>>> On Oct 18, 2012, at 1:13 PM, Chris Thompson <cet1 at cam.ac.uk> wrote:
>>>>>
>>>>>> On Oct 18 2012, Jeremy C. Reed wrote:
>>>>>>
>>>>>>> On Thu, 18 Oct 2012, Jack Tavares wrote:
>>>>>>>
>>>>>>>> I  am running bind9.8.x built from source and I see this message in
>>>>>>>> the logs
>>>>>>>> built with '--prefix=/blah' '--sbindir=/blah' '--sysconfdir=/blah'
>>>>>>>> '--localstatedir=/var' '--exec-prefix=/usr' '--libdir=/usr/lib'
>>>>>>>> '--mandir=/usr/share/man' '--with-openssl=/blah'
>>>>>>>> '--enable-fixed-rrset' '--enable-shared' '--enable-threads'
>>>>>>>> '--enable-ipv6' '--with-libtool'  etc etc etc I would prefer to not
>>>>>>>> have that show up in the log.
>>>>>>>> Short of modifying the source, is there an easy way to disable that?
>>>>>>>
>>>>>>> No way to disable just it. It is in the "general" catch-all category.
>>>>>>
>>>>>> Also, it is output before the configuration "logging" directives have
>>>>>> been
>>>>>> processed, so it comes out with the internal defaults for category and
>>>>>> priority (daemon.notice). Any suppression would need to be done at the
>>>>>> syslog level.
>>>>>>
>>>>>> But I have some difficulty understanding why anyone would want it
>>>>>> suppressed.
>>>>>> It's true that BIND is a bit noisier than it used to be at this stage,
>>>>>> but
>>>>>> can this really be a problem? Do you let the black hats see your
>>>>>> system logs?
>>>>>
>>>>>
>>>>> This message was added by general recognition that being able to
>>>>> rebuild a "drop-in" binary for BIND when you didn't have access to the
>>>>> build directory (where the config.log contains the information) was a
>>>>> good thing.
>>>>
>>>> Yah, a very good thingŠ This has been really really useful to me on a
>>>> number of occasionsŠ
>>>>
>>>>>
>>>>> I, for one, see no reason to suppress this message (but I do have blind
>>>>> spots at times).
>>>>
>>>> Me neither, but I am interested why folk might want toŠ
>>>
>>> Maybe it's viewed as information disclosure?
>>
>> Ah, that's a good point, especially if BIND is being incorporated into an appliance / black box and there is no need for the users of the appliance to know what all goes on under the hood?
> 
> An an employee of the maker of an appliance solution, I can say that we gladly tell our customers what's going on under the hood. If we didn't, they wouldn't trust us.

Does this log message provide any information that the -V option doesn't
provide?

$ named -V
BIND 9.8.0-P4 built with '--prefix=/blah' '--exec-prefix=/blah'
'--enable-threads' '--enable-ipv6' 'CFLAGS=-O2 -march=native ...and so on...
using OpenSSL version: OpenSSL 1.0.0d 8 Feb 2011
using libxml2 version: 2.7.8

-DMM



More information about the bind-users mailing list