How to prevent BIND from resolving addresses in logs
dougb at dougbarton.us
Thu Sep 27 22:38:26 UTC 2012
On 09/27/2012 12:11 PM, Jeremy C. Reed wrote:
> On Thu, 27 Sep 2012, Spumonti Spumonti wrote:
>> I just installed BIND 9.9.1-P3 from source and while looking through
>> the query log files I noticed that IP addresses were being resolved:
>> 27-Sep-2012 12:01:56.512 client 192.168.5.10#44863 (host.foo.com):
>> query: www.ibm.com ...
> That is:
> 2570. [func] Log the destination address the query was sent to.
> [RT #19209]
>> In my other servers which are running the redhat packaged version of
>> BIND (9.8.2), my query logs look like:
>> 27-Sep-2012 14:04:03.523 client 192.168.5.30#64638: query: www.amazon.com ...
>> I'm sure there's something completely obvious that I've missed. How
>> do I stop BIND from resolving these addresses and just including the
>> IP address in the log file?
> That feature isn't offered. Is it inconvenient to know where the query
> was sent to?
Query logging is already an intensive operation, so not adding extra
cycles by default is a good thing. At least there should be a knob to
turn it off.
... and not to impugn the fine ISC devs, but that is a pretty basic
element of software design. No matter how cool *you* think your new
feature is, there will always be users who don't like it, and want to
turn it off. :) So a knob should be provided. The longer the feature you
are modifying has been around, the larger the number of users who will
want to do so. For query logging in particular I can see a non-trivial
number of users who have scripts or other tools to parse the log, so
having the format change in 9.9 would be a POLA issue.
More information about the bind-users