On Tue, 2008-12-02 at 15:55 -0700, Bill Larson wrote: > Query logging is a great idea, but OARC has already produced a very > functional "dnscap" which will capture all DNS traffic, queries and > responses, incoming and outgoing. Maybe this type of logging functionality > could be better relegated to a third party tool such as "dnscap" rather than > being built directly into BIND.
It sounds like you're saying that ISC should be removing some of the existing logging functions from BIND, rather than adding more. Logging queries, updates, zone transfers, etc., is all superfluous when you have a packet sniffer. An awful lot of debug-level logging is likewise useless and maybe should not be in the release-quality code, or at least not built into the binary unless 'configure' is passed some kind of "debug build" switch. Is that what you're saying? Personally, I think the ability to see not only the incoming query but also the outgoing queries caused by that query and all of the responses received *and sent* is a useful thing for debugging. Not everyone has the ability to use and understand dnscap. BIND does not need to be tailored just for those who already know what they're doing. Chris Buxton Men & Mice _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
