logging bug for rpz at load-time?
Mukund Sivaraman
muks at isc.org
Thu Sep 3 14:14:11 UTC 2015
Hi Phil
On Thu, Sep 03, 2015 at 01:22:48PM +0100, Phil Mayers wrote:
> Minor cosmetic bug, but we're seeing logs like:
>
> 03-Sep-2015 12:18:50.751 (re)loading policy zone 'rpz.<local>' changed from
> 0 to 77406 qname, 0 to 0 nsdname, 769 to 771 IP, 0 to 0 NSIP, 0 to 0
> CLIENTIP entries
>
> 03-Sep-2015 12:18:58.029 (re)loading policy zone 'rpz.<upstream>' changed
> from 77406 to 1213943 qname, 0 to 0 nsdname, 771 to 771 IP, 0 to 0 NSIP, 0
> to 0 CLIENTIP entries
>
> Couple of problems here - the "local" RPZ (first log line) only has a few
> hundred entries in it, definitely not 77406.
>
> Second, the next log line seems to claim the "upstream" RPZ goes from
> exactly the same number (eh?) to some other number equally unrelated to the
> contents of the zone.
>
> Or do the numbers here mean something different?
The numbers are overall counts for that view, after the contents of that
policy zone have been loaded. Cumulatively, they should match the number
of records in your policy zones (named starts with empty RPZ state).
> This is on 9.10.2-P4
If these numbers (for the view) don't match up, can you try reproducing
this with 9.10.3-rc1 and let us know what you get? There have been some
bugfixes since 9.10.2.
How many policy zones do you have? If you can, please send us your named
configuration and the expected number of RRs that you intend to see.
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150903/5e2b189d/attachment.bin>
More information about the bind-users
mailing list