Frédéric Brière
2007-Sep-24 17:57 UTC
[Logcheck-devel] Bug#443869: logcheck-database: [bind] notify question section contains no SOA
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
Here's a new rule for ignore.d.server/bind:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+:
)?notify question section contains no SOA$
This is apparently triggered by DJB's DNS survey
(<http://cr.yp.to/surveys/dns1.html>, packet #5). It doesn't show up
too often (I've seen it twice in the past month), but it's getting on my
nerves nonetheless.
(I don't think any sane DNS server, no matter how poorly configured,
would send such a malformed packet. And even if it did, the slaves will
automatically refresh their DNS record once it expires anyway.)
BTW, after hesitating a little, I caved in and left the "client" part
optional, just in case some poor schmo wants to backport this to sarge.
(See bug #303176 for more details.) Feel free to remove the "(" and
")?" if you favor readability over stone-age compatibility. :)
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- debconf information excluded
Possibly Parallel Threads
- Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
- Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
- Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
- Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
- Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Wisdom of the Ancients
