More BIND statistics patches...
Brad Knowles
blk at skynet.be
Thu Mar 9 15:17:11 UTC 2000
Folks,
My co-worker has come up with some more patches relative to BIND
8.2.2-P5 for improving the statistics collected and reported. The
patch is below.
The new statistics we're gathering are:
"RUQ", /* sent us an unapproved query */
"RURQ", /* sent us an unapproved recursive query */
"RUXFR", /* sent us an unapproved AXFR or IXFR */
"RUUpd", /* sent us an unapproved update */
For obvious security reasons, I think that these are things most
anyone would want to track, and I would like very much to get these
incorporated into the release of 8.2.3.
Thanks!
--- bind-8.2.2p5.orig/src/bin/named/ns_stats.c Wed Oct 13 18:39:12 1999
+++ bind-8.2.2p5/src/bin/named/ns_stats.c Thu Mar 9 09:13:38 2000
@@ -207,6 +207,10 @@
"SFErr", /* sent them a FORMERR */
"SNaAns", /* sent them a non autoritative answer */
"SNXD", /* sent them a negative response */
+ "RUQ", /* sent us an unapproved query */
+ "RURQ", /* sent us an unapproved recursive query */
+ "RUXFR", /* sent us an unapproved AXFR or IXFR */
+ "RUUpd", /* sent us an unapproved update */
};
/*
--- bind-8.2.2p5.orig/src/bin/named/ns_defs.h Thu Oct 7 10:24:08 1999
+++ bind-8.2.2p5/src/bin/named/ns_defs.h Thu Mar 9 09:13:12 2000
@@ -639,6 +639,10 @@
nssSentFErr, /* sent them a FORMERR */
nssSentNaAns, /* sent them a non autoritative answer */
nssSentNXD, /* sent them a negative response */
+ nssRcvdUQ, /* sent us an unapproved query */
+ nssRcvdURQ, /* sent us an unapproved recursive query */
+ nssRcvdUXFR, /* sent us an unapproved AXFR or IXFR */
+ nssRcvdUUpd, /* sent us an unapproved update */
nssLast };
struct nameser {
--- bind-8.2.2p5.orig/src/bin/named/ns_req.c Fri Oct 15 21:49:04 1999
+++ bind-8.2.2p5/src/bin/named/ns_req.c Thu Mar 9 09:15:55 2000
@@ -891,6 +891,7 @@
ns_notice(ns_log_security,
"unapproved query from %s for \"%s\"",
sin_ntoa(from), *dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUQ);
return (Refuse);
}
} else {
@@ -911,6 +912,7 @@
"unapproved %s from %s for \"%s\" (acl)",
p_type(type), sin_ntoa(from),
*dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUXFR);
return (Refuse);
}
@@ -921,6 +923,7 @@
"unapproved %s from %s for \"%s\" (not master/slave)",
p_type(type), sin_ntoa(from),
*dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUXFR);
return (Refuse);
}
@@ -931,6 +934,7 @@
"unapproved %s from %s for \"%s\" (not authoritative)",
p_type(type), sin_ntoa(from),
*dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUXFR);
return (Refuse);
}
@@ -941,6 +945,7 @@
"unapproved %s from %s for \"%s\" (not zone top)",
p_type(type), sin_ntoa(from),
*dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUXFR);
return (Refuse);
}
@@ -1206,6 +1211,7 @@
ns_notice(ns_log_security,
"unapproved recursive query from %s for %s",
sin_ntoa(from), *dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdURQ);
}
/*
--- bind-8.2.2p5.orig/src/bin/named/ns_update.c Fri Nov 5 05:40:58 1999
+++ bind-8.2.2p5/src/bin/named/ns_update.c Thu Mar 9 09:17:07 2000
@@ -1191,6 +1191,7 @@
if (!ip_addr_or_key_allowed(zp->z_update_acl, from.sin_addr, in_key)) {
ns_notice(ns_log_security, "unapproved update from %s for %s",
sin_ntoa(from), *dname ? dname : ".");
+ nameserIncr(from.sin_addr, nssRcvdUUpd);
return (Refuse);
}
--
These are my opinions and should not be taken as official Skynet policy
=========================================================================
Brad Knowles, <blk at skynet.be> Sys. Arch., Mail/News/FTP/Proxy Admin
Note: No Microsoft programs were used in the creation or distribution of
this message. If you are using a Microsoft program to view this message,
be forewarned that I am not responsible for any harm you may encounter as
a result.
See <http://i-want-a-website.com/about-microsoft/twelve-step.html> for
details.
More information about the bind-workers
mailing list