Re: lame servers resolving

From: Alexander Dalloz (alexander.dalloz_at_uni-bielefeld.de)
Date: 06/29/04

  • Next message: Corné Beerse: "Re: ntp synchronisation failed" 
    Date: Tue, 29 Jun 2004 15:43:41 +0200
To: For users of Fedora Core releases <fedora-list@redhat.com>

    Am Mo, den 28.06.2004 schrieb T. Nifty Hat Mitchell um 22:23:

    Hi Tom!

    > How do you filter lame-server messages so you can discover
    > problems with your own domain and toss those that are out
    > of your control?
    >
    > My practice when I had responsibility of a large name space was to not
    > filter any errors going into the logs. When scanning the logs I would
    > often build filters on the fly and verify that none of the errors
    > had their root cause in anything I had responsibility for.
    >
    > On boxes that were a consumer of DNS data then filtering this error
    > might be ok. i.e. a local caching name server (SOA for
    > localhost.localdomain and look up all the rest). No filters on mail
    > relays and MX hosts that might hide a problem.

    > T o m M i t c h e l l
    > /dev/null the ultimate in secure storage.

    Your warning is correct and rereading my reply to Olga's question was in
    the sense of your arguments a bit unresponsible. Of course lame server
    notifications have their sense. So instead of directing a lame server
    messages to /dev/null it is a good decision to log them to a separate
    logfile. A possible setup to do so would be in the named.conf:

    logging {
            channel lamers {
                    file "/var/log/lamer.log" versions 4 size 1m;
                    severity info;
                    print-time yes;
                    print-category yes;
                    print-severity yes;
            };
            category lame-servers {
                    lamers;
            };
    };

    Such a log can be quickly grepped for notifications caused by own
    errors.

    Alexander 

    -- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 15:35:26 up 2 days, 17:22, load average: 0.59, 0.26, 0.18 



    


    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Corné Beerse: "Re: ntp synchronisation failed"

    Relevant Pages

    • Re: IAS/RADIUS server has passed an invalid value
      ... Is the connection actually matching the policy on which filters are ... log the name of the remote access policy which has been matched. ... Have only the IP filters configured on this policy. ... that in first case the ISA2004 logs the error ...
      (microsoft.public.windows.server.networking)
    • RE: important errors to control with swatch
      ... create your own RegEx filters. ... I use SEC to monitor a "combined" log from my central syslog server and have ... to, at times, create new filters for it. ... you should look at your logs and decide which ones you'd like to be ...
      (Focus-Linux)
    • Re: Outlook calendar issue??????????????????
      ... No view filters, but in an oddity, if he logs into OWA he ... >Dan wrote: ... >> calendar entries other than those he manually enters. ...
      (microsoft.public.exchange2000.admin)
    • Re: securityadmin.info
      ... One of your firewall's cheesy content filters is ... logs, post them, and we'll set everyone straight... ...
      (microsoft.public.win2000.security)
    • Re: New httpd patch bad?
      ... A check of the httpd logs ... access_log entries which are caused by attackers who use overlong ... to attack vulnerable IIS hosts and not Apache. ... Fedora GNU/Linux Core 1 on Athlon CPU kernel 2.4.22-1.2188.nptl ...
      (Fedora)