DNSSEC/Log Spam for partially DNSSEC domain
Dimitry Andric
dim at FreeBSD.org
Sat Jun 30 09:33:25 UTC 2018
On 30 Jun 2018, at 04:03, Larry Rosenman <ler at FreeBSD.org> wrote:
>
> I'm running Exim, with DNSSEC enabled, and my zone (lerctr.org) is
> DNSSEC signed, but my dyn.lerctr.org subdomain is NOT DNSSEC signed due
> to HE.net not supporting DNSSEC.
>
> I get a ton of:
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for "borg.lerctr.org IN AAAA", got type "RRSIG"
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for "borg.lerctr.org IN A", got type "RRSIG"
>
> in my logs, which comes from libc:
> /usr/src/lib/libc/net/getaddrinfo.c:
> #ifdef DEBUG
>     if (type != T_KEY && type != T_SIG &&
>         type != ns_t_dname)
>         syslog(LOG_NOTICE|LOG_AUTH,
>             "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"",
>             qname, p_class(C_IN), p_type(qtype),
>             p_type(type));
> #endif
>
> Is there an easy way to make this quieter?

I see this code is only included if DEBUG is defined. Maybe undefine
DEBUG, for this particular file? Or hack it so it has #undef DEBUG at
the top?

That said, I'm not sure if debug messages like this should be enabled by
default, and impossible to squelch without recompiling libc. So maybe
we should #if 0 it, instead.

-Dimitry
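
Why the RRSIG records in a signed answer reach the quoted syslog() call, as an added example that is not part of the original message or of FreeBSD's code: it walks a constructed DNS response for borg.lerctr.org and counts the answer records that pass the quoted type filter. The `type != qtype` guard (inferred from the "asked for ..., got type ..." wording), the function names, and the sample bytes (192.0.2.1 and zeroed placeholder RRSIG rdata) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RR type codes: SIG, KEY and DNAME are the types the quoted filter exempts. */
enum { T_SIG_ = 24, T_KEY_ = 25, T_DNAME_ = 39, T_RRSIG_ = 46 };

/* Constructed sample: one question (A), two answers (A + RRSIG placeholder). */
static const uint8_t SAMPLE[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,              /* header */
    4,'b','o','r','g', 6,'l','e','r','c','t','r', 3,'o','r','g', 0,
    0,1, 0,1,                                              /* QTYPE=A, IN */
    0xC0,0x0C, 0,1,  0,1, 0,0,0x0E,0x10, 0,4, 192,0,2,1,   /* A record */
    0xC0,0x0C, 0,46, 0,1, 0,0,0x0E,0x10, 0,4, 0,0,0,0,     /* RRSIG, dummy rdata */
};

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Skip an encoded name: ends at a zero byte or a 2-byte compression pointer. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off)
{
    while (off < len) {
        if ((m[off] & 0xC0) == 0xC0) return off + 2;
        if (m[off] == 0) return off + 1;
        off += (size_t)m[off] + 1;
    }
    return len;
}

/* Number of answer RRs that would emit the notice; -1 on malformed input. */
int count_notices(const uint8_t *m, size_t len)
{
    if (len < 12 || rd16(m + 4) != 1) return -1;
    unsigned an = rd16(m + 6);
    size_t off = skip_name(m, len, 12);
    if (off + 4 > len) return -1;
    unsigned qtype = rd16(m + off);
    off += 4;
    int hits = 0;
    for (unsigned i = 0; i < an; i++) {
        off = skip_name(m, len, off);
        if (off + 10 > len) return -1;
        unsigned type = rd16(m + off), rdlen = rd16(m + off + 8);
        if ((off += 10 + rdlen) > len) return -1;
        /* Assumed mismatch guard, then the exemptions from the quoted snippet. */
        if (type != qtype && type != T_KEY_ && type != T_SIG_ && type != T_DNAME_)
            hits++;   /* RRSIG (46) is not exempt, so it lands here */
    }
    return hits;
}

int main(void) { printf("%d\n", count_notices(SAMPLE, sizeof SAMPLE)); return 0; }
```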