Disable log message

Warren Kumari warren at kumari.net
Sat Oct 20 15:53:52 UTC 2012


On Oct 20, 2012, at 12:34 AM, David Miller <dmiller at tiggee.com> wrote:

> 
> 
> On 10/19/2012 11:57 PM, Chris Buxton wrote:
>> On Oct 19, 2012, at 6:22 PM, Warren Kumari wrote:
>>> On Oct 19, 2012, at 9:17 PM, "Michael Hoskins (michoski)" <michoski at cisco.com> wrote:
>>>> -----Original Message-----
>>>>> On Oct 19, 2012, at 6:13 PM, Alan Clegg <alan at clegg.com> wrote:
>>>>> 
>>>>>> 
>>>>>> On Oct 18, 2012, at 1:13 PM, Chris Thompson <cet1 at cam.ac.uk> wrote:
>>>>>> 
>>>>>>> On Oct 18 2012, Jeremy C. Reed wrote:
>>>>>>> 
>>>>>>>> On Thu, 18 Oct 2012, Jack Tavares wrote:
>>>>>>>> 
>>>>>>>>> I  am running bind9.8.x built from source and I see this message in
>>>>>>>>> the logs
>>>>>>>>> built with '--prefix=/blah' '--sbindir=/blah' '--sysconfdir=/blah'
>>>>>>>>> '--localstatedir=/var' '--exec-prefix=/usr' '--libdir=/usr/lib'
>>>>>>>>> '--mandir=/usr/share/man' '--with-openssl=/blah'
>>>>>>>>> '--enable-fixed-rrset' '--enable-shared' '--enable-threads'
>>>>>>>>> '--enable-ipv6' '--with-libtool'  etc etc etc I would prefer to not
>>>>>>>>> have that show up in the log.
>>>>>>>>> Short of modifying the source, is there an easy way to disable that?
>>>>>>>> 
>>>>>>>> No way to disable just it. It is in the "general" catch-all category.
>>>>>>> 
>>>>>>> Also, it is output before the configuration "logging" directives have
>>>>>>> been
>>>>>>> processed, so it comes out with the internal defaults for category and
>>>>>>> priority (daemon.notice). Any suppression would need to be done at the
>>>>>>> syslog level.
>>>>>>> 
>>>>>>> But I have some difficulty understanding why anyone would want it
>>>>>>> suppressed.
>>>>>>> It's true that BIND is a bit noisier than it used to be at this stage,
>>>>>>> but
>>>>>>> can this really be a problem? Do you let the black hats see your
>>>>>>> system logs?
>>>>>> 
>>>>>> 
>>>>>> This message was added by general recognition that being able to
>>>>>> rebuild a "drop-in" binary for BIND when you didn't have access to the
>>>>>> build directory (where the config.log contains the information) was a
>>>>>> good thing.
>>>>> 
>>>>> Yah, a very good thingŠ This has been really really useful to me on a
>>>>> number of occasionsŠ
>>>>> 
>>>>>> 
>>>>>> I, for one, see no reason to suppress this message (but I do have blind
>>>>>> spots at times).
>>>>> 
>>>>> Me neither, but I am interested why folk might want toŠ
>>>> 
>>>> Maybe it's viewed as information disclosure?
>>> 
>>> Ah, that's a good point, especially if BIND is being incorporated into an appliance / black box and there is no need for the users of the appliance to know what all goes on under the hood?
>> 
>> An an employee of the maker of an appliance solution, I can say that we gladly tell our customers what's going on under the hood. If we didn't, they wouldn't trust us.
> 
> Does this log message provide any information that the -V option doesn't
> provide?
> 
> $ named -V
> BIND 9.8.0-P4 built with '--prefix=/blah' '--exec-prefix=/blah'
> '--enable-threads' '--enable-ipv6' 'CFLAGS=-O2 -march=native ...and so on...
> using OpenSSL version: OpenSSL 1.0.0d 8 Feb 2011
> using libxml2 version: 2.7.8

Nope, but there is a difference between someone actually being interested and looking (or asking their vendor) and having it show up directly in the logs…  Someone who cares will be able to quite easily tell that it is BIND (esp if they get something like console access), but I have seem some appliance folk who don't *really* publicize this…

W

> 
> -DMM
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

-- 
"He who laughs last, thinks slowest." 
    -- Anonymous





More information about the bind-users mailing list