Bug 666244 - bind-dyndb-ldap produces excessive logs
Summary: bind-dyndb-ldap produces excessive logs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind-dyndb-ldap
Version: 6.0
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Adam Tkac
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 667704
Reported: 2010-12-29 20:30 UTC by Phil Anderson
Modified: 2015-01-04 23:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 13:35:07 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHBA-2011:0606
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: bind-dyndb-ldap bug fix and enhancement update
Last Updated: 2011-05-18 17:56:28 UTC

Description Phil Anderson 2010-12-29 20:30:34 UTC
Description of problem:
The bind-dyndb-ldap DNS backend produces 2 log messages to /var/log/messages for each DNS query.  This is excessive for a production environment, and causes log files to grow rapidly. 

The ability to do this might exist, but if it does, the documentation in /usr/share/doc/bind-dyndb-ldap-0.1.0 doesn't mention any way to reduce the logging to a sane level for production servers.

Comment 6 Adam Tkac 2011-04-04 11:40:50 UTC
(In reply to comment #5)
> Please add steps to reproduce/verify.  What are the excessive
> /var/log/messages? Thanks

1. install freeipa-server package
2. run `ipa-server-install --setup-dns --forwarder=<fwd_ip> --selfsign`; please substitute "fwd_ip" with the IP address of the recursive DNS server, for example from /etc/resolv.conf
3. check /var/log/messages, old version (bind-dyndb-ldap-0.1.0-0.9.b.el6) will contain entries like:

Apr  4 13:35:24 f15 named[27401]: querying 'idnsname=24.34.10.in-addr.arpa.,cn=dns,dc=atkac,dc=brq,dc=redhat,dc=com' with '(objectClass=idnsRecord)'
Apr  4 13:35:24 f15 named[27401]: entry count: 1
Apr  4 13:35:24 f15 named[27401]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr  4 13:35:24 f15 named[27401]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr  4 13:35:24 f15 named[27401]: querying 'idnsname=atkac.brq.redhat.com,cn=dns,dc=atkac,dc=brq,dc=redhat,dc=com' with '(objectClass=idnsRecord)'
Apr  4 13:35:24 f15 named[27401]: entry count: 1
Apr  4 13:35:24 f15 named[27401]: querying 'idnsName=f15, idnsname=atkac.brq.redhat.com,cn=dns,dc=atkac,dc=brq,dc=redhat,dc=com' with '(objectClass=idnsRecord)'

New version shouldn't write such messages to the log.
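
The check in step 3, as an added example that is not part of the original bug report: a POSIX shell function that counts the `querying '...' with '...'` and `entry count: N` messages logged by named, so an upgrade can be verified mechanically. The function names and the sample log lines (hostnames, PIDs, DNs) are constructed for illustration; on a real server the argument would be /var/log/messages.

```shell
#!/bin/sh
# Added example: count the per-query messages that the old bind-dyndb-ldap
# wrote via named, to confirm an updated package no longer emits them.

# Print "named=<lines logged by named> noisy=<per-query lines>" for a syslog file.
# The two message shapes are the ones shown in the log excerpt of comment 6.
dyndb_noise_report() {
    awk -v q="'" '
        match($0, / named\[[0-9]+\]: /) {
            named++
            msg = substr($0, RSTART + RLENGTH)
            if (msg ~ ("^querying " q ".*" q " with " q ".*" q "$") ||
                msg ~ /^entry count: [0-9]+$/)
                noisy++
        }
        END { printf "named=%d noisy=%d\n", named, noisy }
    ' "$1"
}

# Succeed only when the file holds no per-query messages.
dyndb_is_quiet() {
    case "$(dyndb_noise_report "$1")" in
        *" noisy=0") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample logs (hostnames, PIDs and DNs are made up).
SAMPLE_OLD=$(mktemp) && SAMPLE_NEW=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE_OLD" "$SAMPLE_NEW"' EXIT
cat > "$SAMPLE_OLD" <<'EOF'
Apr  4 13:35:24 ns1 named[1234]: querying 'idnsname=example.test,cn=dns,dc=example,dc=test' with '(objectClass=idnsRecord)'
Apr  4 13:35:24 ns1 named[1234]: entry count: 1
Apr  4 13:35:24 ns1 named[1234]: zone localhost/IN: loaded serial 0
Apr  4 13:35:25 ns1 named[1234]: querying 'idnsName=www, idnsname=example.test,cn=dns,dc=example,dc=test' with '(objectClass=idnsRecord)'
Apr  4 13:35:25 ns1 crond[999]: (root) CMD (run-parts /etc/cron.hourly)
EOF
cat > "$SAMPLE_NEW" <<'EOF'
Apr  7 08:13:21 ns1 named[7817]: loading configuration from '/etc/named.conf'
Apr  7 08:13:21 ns1 named[7817]: zone localhost/IN: loaded serial 0
Apr  7 08:13:21 ns1 named[7817]: running
EOF

for f in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    dyndb_noise_report "$f"
    dyndb_is_quiet "$f" && echo "quiet" || echo "per-query logging present"
done
```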

Comment 7 Jenny Severance 2011-04-07 18:53:54 UTC
installed IPA server - 

no querying messages in log 

Apr  7 08:13:21 ipaqa64vmb named[7817]: adjusted limit on open files from 1024 to 1048576
Apr  7 08:13:21 ipaqa64vmb named[7817]: found 2 CPUs, using 2 worker threads
Apr  7 08:13:21 ipaqa64vmb named[7817]: using up to 4096 sockets
Apr  7 08:13:21 ipaqa64vmb named[7817]: loading configuration from '/etc/named.conf'
Apr  7 08:13:21 ipaqa64vmb named[7817]: using default UDP/IPv4 port range: [1024, 65535]
Apr  7 08:13:21 ipaqa64vmb named[7817]: using default UDP/IPv6 port range: [1024, 65535]
Apr  7 08:13:21 ipaqa64vmb named[7817]: listening on IPv6 interfaces, port 53
Apr  7 08:13:21 ipaqa64vmb named[7817]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  7 08:13:21 ipaqa64vmb named[7817]: listening on IPv4 interface eth0, 10.16.98.183#53
Apr  7 08:13:21 ipaqa64vmb named[7817]: generating session key for dynamic DNS
Apr  7 08:13:21 ipaqa64vmb named[7817]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 127.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 254.169.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: D.F.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 8.E.F.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 9.E.F.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: A.E.F.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: B.E.F.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Apr  7 08:13:21 ipaqa64vmb named[7817]: none:0: open: /etc/rndc.key: file not found
Apr  7 08:13:21 ipaqa64vmb named[7817]: couldn't add command channel 127.0.0.1#953: file not found
Apr  7 08:13:21 ipaqa64vmb named[7817]: none:0: open: /etc/rndc.key: file not found
Apr  7 08:13:21 ipaqa64vmb named[7817]: couldn't add command channel ::1#953: file not found
Apr  7 08:13:21 ipaqa64vmb named[7817]: the working directory is not writable
Apr  7 08:13:21 ipaqa64vmb named[7817]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: zone localhost.localdomain/IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: zone localhost/IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found
Apr  7 08:13:21 ipaqa64vmb named[7817]: managed-keys-zone ./IN: loaded serial 0
Apr  7 08:13:21 ipaqa64vmb named[7817]: running

subsequent ipa dns queries produce no query messages


version:
ipa-server-2.0.0-20.el6.x86_64
bind-dyndb-ldap-0.2.0-1.el6.x86_64

Comment 8 errata-xmlrpc 2011-05-19 13:35:07 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0606.html

