Frédéric Brière
2007-Sep-24 17:57 UTC
[Logcheck-devel] Bug#443869: logcheck-database: [bind] notify question section contains no SOA
Package: logcheck-database Version: 1.2.61 Severity: wishlist Here's a new rule for ignore.d.server/bind: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: (client [.#[:digit:]]+: )?notify question section contains no SOA$ This is apparently triggered by DJB's DNS survey (<http://cr.yp.to/surveys/dns1.html>, packet #5). It doesn't show up too often (I've seen it twice in the past month), but it's getting on my nerves nonetheless. (I don't think any sane DNS server, no matter how poorly configured, would send such a malformed packet. And even if it did, the slaves will automatically refresh their DNS record once it expires anyway.) BTW, after hesitating a little, I caved in and left the "client" part optional, just in case some poor schmo wants to backport this to sarge. (See bug #303176 for more details.) Feel free to remove the "(" and ")?" if you favor readability over stone-age compatibility. :) -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core) Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- debconf information excluded
Apparently Analagous Threads
- Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
- Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
- Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
- Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
- Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record