dopefish.de » bind http://www.dopefish.de Headquaters of the evil genius Mon, 23 Jan 2012 13:34:46 +0000 en hourly 1 http://wordpress.org/?v= (E)DNS – Bind logging errors http://www.dopefish.de/archives/93 http://www.dopefish.de/archives/93#comments Wed, 30 Jul 2008 16:26:44 +0000 dopefish http://www.dopefish.de/archives/93 Anyone that has upgraded Bind recently is probably wondering where all those EDNS error messages are suddenly coming from. Well, since I’d rather fix a problem than set up an ignore rule for tiger, I did some digging and found out this much:
EDNS is an extension to “normal” DNS and has been around for some time. The most often reason these error messages are triggered, is when a firewall decides to drop dns messages that it thinks are too big (> 512 bytes). If this is happening on “your end” than the best solution would be to simply fix the firewall. If this is happening on the other end, or if it is something more obscure like a Firewall blocking fragmented NAT packets, than you might be better off just disabling the logging for this situation. On my system /etc/bin/named.conf.local is included by named.conf (saves me any hassle when updating bind via the distributions packages since all my changes are in a separate file)

/etc/bind/named.conf.local
logging {
category lame-servers { null; };
category edns-disabled { null; };
};

This turns off logging for edns-disabled and lame-server messages. So you can concentrate on the more important logging messages ;-)

]]> http://www.dopefish.de/archives/93/feed 0