Latest BIND: Error "rpz_rewrite_name: mismatched summary data; continuing"
he at uninett.no
Fri Apr 26 20:08:43 UTC 2019
I'm resurrecting an old thread:
>> Is there a workaround/configuration-directive not to log every request with
>> this "error"? One way would be using BIND 9.9.9-P2 (because this code was
>> added in 9.10.x...), but I would prefer 9.10.x.
> (1) Don't use regular BIND 9.9 for RPZ. For using RPZ, please use 9.10
> and higher (or 9.9 subscription branch that's available to ISC
> customers). RPZ in vanilla 9.9 is unmaintained and unsupported (it was
> experimental there).
I'm seeing the exact same behaviour with 9.12.4-P1 and 9.14.1.
We're using a fairly static RPZ setup with an RPZ zone containing
at the moment only some 225 nodes.
It seems that the frequency of the log messages is about as
stated: once for each and every query, perhaps for each query
where a lookup in the rpz zone gets a "doesn't exist" status,
which would be nearly all queries in our case.
I worry that this high frequency of logging might negatively
impact query performance...
> (2) We'll look at tweaking this log message, but if you want to just not
> see this log message, just recompile after removing the offending CTRACE
> statement from bin/named/query.c. In fact, this code is normally enabled
> when configured with --enable-querytrace. Do you have query tracing
> configured? Is seeing this additional log message so inconvenient then?
I think there must be something wrong with the log message. It
seems excessive to log this message about once per query,
especially since it seems to (misleadingly?) indicate an error
condition? I'm not intimate enough with the code to suggest what
the exact problem is, though.
And ... as stated, configuring without --enable-querytrace
removes the log message.
More information about the bind-users