Bug 489986 - default logfile in named.conf breaks with logrotate settings
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: bind
Version: 10
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-03-12 15:15 EDT by Eddie Lania
Modified: 2013-04-30 19:42 EDT
Fixed In Version: 9.5.1-2.P2.fc10
Doc Type: Bug Fix
Last Closed: 2009-03-25 12:02:47 EDT
Description Eddie Lania 2009-03-12 15:15:28 EDT
Description of problem: default logfile in named.conf breaks with logrotate settings.

In the default named conf:

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

In /etc/logrotate.d/named:

/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

In a chrooted environment, named doesn't write to /var/log/named.log but instead it writes in /var/named/chroot/var/named/data/named.run.

This file is growing and growing (especially when on the same machine tools like spamassassin are being used to filter spam messages).

The weird thing is that everything is being logged twice: first every lookup failure is being written in the /var/log/messages (which really makes it hard to see other non-named messages in the messages log) and second it also is written in the /var/named/chroot/var/named/data/named.run file.

In my opinion it should really not be necessary to write named info in two places at the same time.

Because the information from the debug channel in /var/named/chroot/var/named/data/named.run is not being time-stamped, I would think the best approach here is to disable the debug channel in named.conf and to adapt rsyslog's configuration to redirect named messages from the system messages log to the /var/log/named.log file. This would also fix the broken logrotate configuration for named.


Version-Release number of selected component (if applicable):

bind-libs-9.5.1-1.P1.fc10.i386
bind-utils-9.5.1-1.P1.fc10.i386
bind-9.5.1-1.P1.fc10.i386
bind-chroot-9.5.1-1.P1.fc10.i386
logrotate-3.7.7-1.fc10.i386



Comment 1 Eddie Lania 2009-03-19 19:09:55 EDT
In /etc/logrotate.d/named:

/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

If I change this to:

/var/named/chroot/var/log/named.log {
    missingok
    create 0644 named named
    postrotate
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

Is that ok?

I adapted the channels logging so that default is logged in /var/named/chroot/var/log/named.log
Comment 2 Adam Tkac 2009-03-23 11:07:26 EDT
(In reply to comment #1)
> If I change this to:
> 
> /var/named/chroot/var/log/named.log {
>     missingok
>     create 0644 named named
>     postrotate
>         /sbin/service named reload  2> /dev/null > /dev/null || true
>     endscript
> }
> 
> Is that ok?

It's not a good idea. It will break configurations which don't use chroot.

I changed the default logrotate destination to /var/named/data/named.run. If you install bind-chroot then you have to manually change the logrotate settings. There is no way to automatically redirect /etc/logrotate.d/named to /var/named/chroot/var/named/data/named.run.
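
The mismatch discussed in this report can be checked mechanically. The following is an added example, not part of the original bug report or of the bind package: it resolves each logging channel's file path as the thread describes (relative to /var/named, under /var/named/chroot when bind-chroot is installed) and lists the files that no logrotate stanza covers. The function names and the bodies of the two logrotate stanzas are assumptions made for illustration.

```python
import fnmatch
import posixpath
import re

# named.conf snippet from the report; logrotate stanza bodies are constructed.
NAMED_CONF = '''
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
'''
LOGROTATE_ORIG = "/var/log/named.log {\n    missingok\n}\n"
LOGROTATE_FIXED = "/var/named/data/named.run {\n    missingok\n}\n"

def named_log_files(conf, directory="/var/named", chroot=""):
    """Host paths of the `file` destinations of named.conf logging channels.
    Relative paths resolve against `directory`; a chroot root is prepended,
    since logrotate runs outside the chroot and must name the host path."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # block comments
    conf = re.sub(r"(//|#).*", "", conf)                # line comments
    found = []
    # Only look inside channel blocks: zone statements also use `file "..."`.
    for body in re.findall(r"\bchannel\s+\S+\s*\{([^}]*)\}", conf):
        for path in re.findall(r'\bfile\s+"([^"]+)"', body):
            inside = posixpath.normpath(posixpath.join(directory, path))
            found.append(chroot.rstrip("/") + inside)
    return found

def logrotate_targets(text):
    """Path patterns from the header line of each logrotate stanza."""
    targets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.endswith("{"):
            targets += line[:-1].split()
    return targets

def unrotated(conf, rotate, directory="/var/named", chroot=""):
    """Channel log files that no logrotate stanza covers."""
    targets = logrotate_targets(rotate)
    return [f for f in named_log_files(conf, directory, chroot)
            if not any(fnmatch.fnmatchcase(f, t) for t in targets)]

if __name__ == "__main__":
    for root in ("", "/var/named/chroot"):
        print(root or "(no chroot)", unrotated(NAMED_CONF, LOGROTATE_FIXED, chroot=root))
```

With the updated default destination the non-chroot case reports nothing, while the chroot case still reports /var/named/chroot/var/named/data/named.run, which is the manual logrotate change comment 2 refers to.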
Comment 3 Fedora Update System 2009-03-23 11:42:39 EDT
bind-9.5.1-2.P2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/bind-9.5.1-2.P2.fc10
Comment 4 Fedora Update System 2009-03-25 12:02:43 EDT
bind-9.5.1-2.P2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
