Bug 489986

Summary: default logfile in named.conf breaks with logrotate settings
Product: [Fedora] Fedora
Component: bind
Version: 10
Hardware: All
OS: Linux
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: low
Reporter: Eddie Lania <eddie>
Assignee: Adam Tkac <atkac>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: atkac, ovasik, pwouters
Fixed In Version: 9.5.1-2.P2.fc10
Doc Type: Bug Fix
Last Closed: 2009-03-25 16:02:47 UTC

Description Eddie Lania 2009-03-12 19:15:28 UTC
Description of problem: default logfile in named.conf breaks with logrotate settings.

In the default named conf:

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

In /etc/logrotate.d/named:

/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

In a chrooted environment, named doesn't write to /var/log/named.log but instead it writes in /var/named/chroot/var/named/data/named.run.

This file is growing and growing (especially when on the same machine tools like spamassassin are being used to filter spam messages).

The weird thing is that everything is being logged twice: first every lookup failure is being written in the /var/log/messages (which really makes it hard to see other non-named messages in the messages log) and second it also is written in the /var/named/chroot/var/named/data/named.run file.

In my opinion it should really not be necessary to write named info in two places at the same time.

Because the information from the debug channel in /var/named/chroot/var/named/data/named.run is not being time-stamped, I would think the best approach here is to disable the debug channel in named.conf and to adapt rsyslog's configuration to redirect named messages from the system messages log to the /var/log/named.log file. This would also fix the broken logrotate configuration for named.


Version-Release number of selected component (if applicable):

bind-libs-9.5.1-1.P1.fc10.i386
bind-utils-9.5.1-1.P1.fc10.i386
bind-9.5.1-1.P1.fc10.i386
bind-chroot-9.5.1-1.P1.fc10.i386
logrotate-3.7.7-1.fc10.i386




Comment 1 Eddie Lania 2009-03-19 23:09:55 UTC
In /etc/logrotate.d/named:

/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

If I change this to:

/var/named/chroot/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

Is that ok?

I adapted the channels logging so that default is logged in /var/named/chroot/var/log/named.log

Comment 2 Adam Tkac 2009-03-23 15:07:26 UTC
(In reply to comment #1)
> If I change this to:
> 
> /var/named/chroot/var/log/named.log {
>     missingok
>     create 0644 named named
>     postrotate
>         /sbin/service named reload  2> /dev/null > /dev/null || true
>     endscript
> }
> 
> Is that ok?

It's not a good idea. It will break configurations which don't use chroot.

I changed the default logrotate destination to /var/named/data/named.run. If you install bind-chroot then you have to manually change the logrotate settings. There is no way to automatically redirect /etc/logrotate.d/named to /var/named/chroot/var/named/data/named.run.

Comment 3 Fedora Update System 2009-03-23 15:42:39 UTC
bind-9.5.1-2.P2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/bind-9.5.1-2.P2.fc10

Comment 4 Fedora Update System 2009-03-25 16:02:43 UTC
bind-9.5.1-2.P2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
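
The mismatch discussed in this report can be checked mechanically. The following is an added example, not part of the bug report or of the bind package: it resolves each "file" channel in named.conf to its host path, with or without a chroot, and lists those that no logrotate stanza covers. The helper names, the sample inputs and the options/directory line are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample inputs mirroring the snippets quoted in the report.
# The options/directory line is an assumption (working directory /var/named).
NAMED_CONF = '''
options { directory "/var/named"; };
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
'''

LOGROTATE_CONF = '''
/var/log/named.log {
    missingok
    create 0644 named named
}
'''

def named_log_files(conf, chroot=""):
    """Host paths of every file channel; named resolves them inside the chroot."""
    m = re.search(r'(?<![-\w])directory\s+"([^"]+)"', conf)
    workdir = m.group(1) if m else "/"
    paths = []
    for name in re.findall(r'(?<![-\w])file\s+"([^"]+)"', conf):
        inside = posixpath.normpath(posixpath.join(workdir, name))
        paths.append(posixpath.normpath(chroot + inside) if chroot else inside)
    return paths

def logrotate_targets(conf):
    """Paths that open logrotate stanzas (exact paths only, globs not expanded)."""
    targets = []
    for line in conf.splitlines():
        line = line.strip()
        if line.endswith("{") and not line.startswith("#"):
            targets.extend(line[:-1].split())
    return targets

def unrotated(named_conf, rotate_conf, chroot=""):
    """Log files named writes that no logrotate stanza covers."""
    covered = set(logrotate_targets(rotate_conf))
    return [p for p in named_log_files(named_conf, chroot) if p not in covered]

if __name__ == "__main__":
    for root in ("", "/var/named/chroot"):
        print(root or "(no chroot)", "->", unrotated(NAMED_CONF, LOGROTATE_CONF, root))
```

With the logrotate path changed to /var/named/data/named.run, the non-chroot case reports nothing while the chroot case still reports the chrooted file, which is the manual step described in comment 2.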