At Tue, 2 Dec 2008 15:55:45 MST, "Bill Larson" <[EMAIL PROTECTED]> wrote:
> Adding functionality for for the purpose of better operations is one thing. > Including the capability of performing zone transfers inside BIND was a great > addition rather than having a separate "named-xfer" tool. This made running > in a chroot environment much simpler, easier, and secure. This is "good" > additional functionality. > > Additional functionality, such as adding additional query logging > capabilities that aren't critical to the operation of the basic system, > simply increase complexity with the inherent decrease in security that makes > this type of addition a drawback. > > Please, keep BIND as simple as possible (but not simpler). Leave additional > capabilities to separate tools such as "dnscap". I see your point. My original motivation about the additional logging somehow relating queries was to provide more detailed information of server failures so that the operator can (hopefully) identify the cause of failures of specific queries. Since it's often very difficult to identify the cause of server failures due to its generality, and since the cause may not always be externally observable (e.g. via a packet dump), I believe the benefit for better operation outweighs implementation complexity. Adding log messages for other query-related information is an extension of this work, but I myself am not 100% sure if this makes sense exactly for the reason you pointed out: these can be obtained by other tools such as a packet capture tool. That's why I've been soliciting opinions here. Thanks, --- JINMEI, Tatuya Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
