[bind10-dev] Topics for BIND 10 team call, 2011-12-13

Stephen Morris stephen at isc.org
Tue Dec 13 10:46:46 UTC 2011


On 08/12/2011 17:42, JINMEI Tatuya / 神明達哉 wrote:
> - log level verbosity, especially for events triggered by a third 
> party like when logging malformed incoming request 
> (error/warn/info?).  See also
> http://bind10.isc.org/ticket/1299#comment:15 (for
> log-level-bikeshed)

As I will be in a DHCP call and will miss this afternoon's meeting,
I'll put my thoughts here:

Regarding logging levels generally, some guidelines were written and
are in the src/lib/log/README file.  These are:

FATAL
-----
The program has encountered an error that is so severe that it cannot
continue (or there is no point in continuing).  When a fatal error
has been logged, the program will usually exit immediately (or shortly
afterwards) after dumping some diagnostic information.

ERROR
-----
Something has happened such that the program can continue but the
results for the current (or future) operations cannot be guaranteed to
be correct, or the results will be correct but the service is impaired.
For example, the program started but attempts to open one or more network
interfaces failed.

WARN
----
An unusual event happened.  Although the program will continue working
normally, the event was sufficiently out of the ordinary to warrant
drawing attention to it.  For example, at program start-up a zone was
loaded that contained no resource records.

INFO
----
A normal but significant event has occurred that should be recorded,
e.g. the program has started or is just about to terminate, a new zone
has been created, etc.

DEBUG
-----
This severity is only enabled for debugging purposes.  A debug level is
associated with debug messages, level 0 (the default) being for high-level
messages and level 99 (the maximum) for the lowest level.  How the
messages are distributed between the levels is up to the developer.
So if debugging the NSAS (for example), a level 0 message might record
the creation of a new zone, a level 10 recording a timeout when trying
to get a nameserver address, but a level 50 would record every query for
an address. (And we might add level 70 to record every update of the RTT.)


Missing from these guidelines is the issue Jinmei raised, that of
verbosity of events generated by a third party.  Since the default
logging level is INFO, I think that such events ought to be logged at a
level of DEBUG.  If not, you have the chance of a DoS attack with a
flood of such packets being sent to BIND10 and filling up the logs.

Stephen
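
Added example, not part of the original message or of BIND 10's code: the log-volume effect described above, measured with Python's standard `logging` module standing in for the BIND 10 logger. The `run_flood` and `compare` helpers, the 192.0.2.x addresses and the closing INFO summary line are assumptions made for the illustration.

```python
import io
import logging

LINE_FORMAT = "%(asctime)s %(levelname)s %(message)s"


def run_flood(third_party_level, packets=10_000, threshold=logging.INFO):
    """Log `packets` malformed-request events at `third_party_level`.

    Returns the number of bytes that reached the log sink when the logger
    severity is `threshold` (INFO is the default named in the message).
    """
    sink = io.StringIO()                       # stands in for the log file
    logger = logging.Logger("demo", level=threshold)
    handler = logging.StreamHandler(sink)
    handler.setFormatter(logging.Formatter(LINE_FORMAT))
    logger.addHandler(handler)

    logger.info("server started")             # normal but significant: INFO
    malformed = 0
    for i in range(packets):
        # Constructed input: every iteration is an event whose rate is
        # chosen by the remote sender, not by the operator.
        malformed += 1
        logger.log(third_party_level,
                   "malformed request from 192.0.2.%d", i % 254 + 1)
    # Assumption for this sketch: one summary line keeps the operator
    # informed without the log growing with the packet count.
    logger.info("malformed requests seen: %d", malformed)
    return len(sink.getvalue())


def compare(packets=10_000):
    """Bytes logged at the default INFO severity for each choice of level."""
    return {
        "third-party events at WARN": run_flood(logging.WARNING, packets),
        "third-party events at DEBUG": run_flood(logging.DEBUG, packets),
    }


if __name__ == "__main__":
    for choice, size in compare().items():
        print(f"{choice}: {size} bytes written")
```

With the events at WARN the log grows linearly with the number of packets the sender chooses to transmit; at DEBUG it stays at two lines until an operator deliberately lowers the severity threshold.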


