Re: DNSSEC/Log Spam for partially DNSSEC domain

From: Michael Mitchell <mmitchel_at_gmail.com>
Date: Fri, 29 Jun 2018 19:33:02 -0700
/etc/syslog.conf maybe

mdm - from a phone

On Fri, Jun 29, 2018, 7:27 PM Larry Rosenman <ler_at_freebsd.org> wrote:

> I'm running Exim, with DNSSEC enabled, and my zone (lerctr.org) is
> DNSSEC signed, but my dyn.lerctr.org subdomain is NOT DNSSEC signed due
> to HE.net don't support DNSSEC.
>
> I get a ton of:
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked
> for "borg.lerctr.org IN AAAA", got type "RRSIG"
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked
> for "borg.lerctr.org IN A", got type "RRSIG"
>
> in my logs, which comes from libc:
> /usr/src/lib/libc/net/getaddrinfo.c:
>    2092 #ifdef DEBUG
>    2093                         if (type != T_KEY && type != T_SIG &&
>    2094                             type != ns_t_dname)
>    2095                                 syslog(LOG_NOTICE|LOG_AUTH,
>    2096                "gethostby*.getanswer: asked for \"%s %s %s\", got
> type \"%s\"",
>    2097                                        qname, p_class(C_IN),
> p_type(qtype),
>    2098                                        p_type(type));
>    2099 #endif
>
> Is there an easy way to make this quieter?
>
>
>
>
> --
> Larry Rosenman                         https://people.FreeBSD.org/~ler/
> Phone: +1 214-642-9640                 E-Mail: ler_at_FreeBSD.org
> US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
>
Received on Sat Jun 30 2018 - 00:33:16 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:16 UTC