Is per "view" logging possible with bind?

2009-01-31 Thread Justin Piszcz

I have multiple views:

internal
external
localhost

Is it possible instead of seeing this in the logs:
31-Jan-2009 08:27:47.458 client 127.0.0.1#44632: view localhost: query: _policy._domainkey.lists.isc.org IN TXT +
31-Jan-2009 08:28:22.506 client 192.168.0.55#33380: view internal: query: p34.internal.lan IN  +

To separate them out so ALL related logs for the internal view can be
re-directed to a separate logfile?  The same for the localhost view?
Or would the only way to do this be to use syslog-ng or similar?

What I would like:
/var/log/bind/queries-internal.log
/var/log/bind/queries-external.log
/var/log/bind/queries-localhost.log

My current configuration:

// Setup logging for statistical and debugging purposes.
logging {

  // Define channels.
  channel default_file { file "/var/log/bind/default.log" versions 3 size 5m; severity debug; print-time yes; };
  channel general_file { file "/var/log/bind/general.log" versions 3 size 5m; severity debug; print-time yes; };
  channel database_file { file "/var/log/bind/database.log" versions 3 size 5m; severity debug; print-time yes; };
  channel security_file { file "/var/log/bind/security.log" versions 3 size 5m; severity debug; print-time yes; };
  channel config_file { file "/var/log/bind/config.log" versions 3 size 5m; severity debug; print-time yes; };
  channel resolver_file { file "/var/log/bind/resolver.log" versions 3 size 5m; severity debug; print-time yes; };
  channel xfer-in_file { file "/var/log/bind/xfer-in.log" versions 3 size 5m; severity debug; print-time yes; };
  channel xfer-out_file { file "/var/log/bind/xfer-out.log" versions 3 size 5m; severity debug; print-time yes; };
  channel notify_file { file "/var/log/bind/notify.log" versions 3 size 5m; severity debug; print-time yes; };
  channel client_file { file "/var/log/bind/client.log" versions 3 size 5m; severity debug; print-time yes; };
  channel unmatched_file { file "/var/log/bind/unmatched.log" versions 3 size 5m; severity debug; print-time yes; };
  channel queries_file { file "/var/log/bind/queries.log" versions 3 size 5m; severity debug; print-time yes; };
  channel network_file { file "/var/log/bind/network.log" versions 3 size 5m; severity debug; print-time yes; };
  channel update_file { file "/var/log/bind/update.log" versions 3 size 5m; severity debug; print-time yes; };
  channel update-security_file { file "/var/log/bind/update-security.log" versions 3 size 5m; severity debug; print-time yes; };
  channel dispatch_file { file "/var/log/bind/dispatch.log" versions 3 size 5m; severity debug; print-time yes; };
  channel dnssec_file { file "/var/log/bind/dnssec.log" versions 3 size 5m; severity debug; print-time yes; };
  channel lame-servers_file { file "/var/log/bind/lame-servers.log" versions 3 size 5m; severity debug; print-time yes; };
  channel delegation-only_file { file "/var/log/bind/delegation-only.log" versions 3 size 5m; severity debug; print-time yes; };

  // Define categories.
  category default { default_file; };
  category general { general_file; };
  category database { database_file; };
  category security { security_file; };
  category config { config_file; };
  category resolver { resolver_file; };
  category xfer-in { xfer-in_file; };
  category xfer-out { xfer-out_file; };
  category notify { notify_file; };
  category client { client_file; };
  category unmatched { unmatched_file; };
  category queries { queries_file; };
  category network { network_file; };
  category update { update_file; };
  category update-security { update-security_file; };
  category dispatch { dispatch_file; };
  category dnssec { dnssec_file; };
  category lame-servers { lame-servers_file; };
  category delegation-only { delegation-only_file; };

};


Justin.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
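
One way to get the per-view files asked for above by post-processing the combined query log, as an added example (not part of the original post and not a BIND feature). The function names are hypothetical and the sample lines are constructed, modelled on the log lines quoted in the post; the view name is validated before it becomes part of a file name.

```python
import os
import re
from collections import defaultdict

# Layout of the query-log lines quoted in the post:
#   <date> <time> client <ip>#<port>: view <name>: query: <qname> <class> <type> <flags>
LINE_RE = re.compile(
    r"^\S+ \S+ client (?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"view (?P<view>[^:\s]+): query: (?P<query>.+)$"
)
# The view name ends up in a file name, so accept only a conservative alphabet.
SAFE_VIEW = re.compile(r"^[A-Za-z0-9_-]+$")


def view_of(line):
    """Return the view name of a query-log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.group("view") if m else None


def split_by_view(lines):
    """Group log lines by view; lines without a usable view go under 'unmatched'."""
    groups = defaultdict(list)
    for line in lines:
        view = view_of(line)
        if view is None or not SAFE_VIEW.match(view):
            view = "unmatched"
        groups[view].append(line.rstrip("\n"))
    return dict(groups)


def write_split(lines, directory):
    """Append each group to <directory>/queries-<view>.log and return the paths."""
    paths = {}
    for view, group in split_by_view(lines).items():
        path = os.path.join(directory, "queries-%s.log" % view)
        with open(path, "a", encoding="utf-8") as fh:
            fh.write("\n".join(group) + "\n")
        paths[view] = path
    return paths


# Constructed sample: the first line is the one quoted in the post, the rest are made up.
SAMPLE = [
    "31-Jan-2009 08:27:47.458 client 127.0.0.1#44632: view localhost: query: _policy._domainkey.lists.isc.org IN TXT +",
    "31-Jan-2009 08:28:22.506 client 192.168.0.55#33380: view internal: query: p34.internal.lan IN A +",
    "31-Jan-2009 08:29:01.120 client 203.0.113.9#5353: view external: query: www.example.com IN A -",
    "31-Jan-2009 08:29:02.000 client 203.0.113.9#5353: view ../../etc: query: x.example.com IN A -",
    "31-Jan-2009 08:29:03.000 general: info: not a query line",
]

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for view, path in sorted(write_split(SAMPLE, tmp).items()):
            print(view, "->", os.path.basename(path))
```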


RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Jeff Lightner
What?!  

And all this time I just assumed it was the Martian Sand variety that
was being spoken of on all the "save the whales" bumper stickers.

Maybe Al will end up winning the Darwin Award for another one of his
avant-garde ideas.   He'll decide that the conventional wisdom that
exhausting his engine through a tail pipe instead of into the cabin is
the cause of global warming and modify his car...

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Danny Thomas
Sent: Saturday, January 31, 2009 2:18 AM
To: bind-users@lists.isc.org
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"

Al Stu wrote:
> History is fraught with individuals or a few being ridiculed for 
> putting forth that which goes against the conventional wisdom of the 
> masses and so called experts, only to be vindicated once the masses 
> and so called experts get their head out where the sun is shining and 
> exposed to the light of day.
>
> Once upon a time the world was 'flat'.  For some of you, apparently is
> still is 'flat'.
and for every Einstein, Columbus, etc, there have been untold people whose
beliefs were not accepted. So whenever I see this line of argument advanced
in a simplistic way, particularly with a hint of an heroic struggle against
orthodoxy, I can't help thinking that the odds of "heretical views" being
vindicated is pretty low.
One belief yet to be accepted is the existence of Martian sand whales.

*really plonk*




Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Al Stu


The basic argument that because it can be misused, abused, criminally 
exploited, etc., it should be abolished, not permitted, and deemed "illegal" 
by a group of people who should not have that authority, even though it has 
practical and beneficial uses is absurd.  By that same logic automobiles 
should also be abolished and we should all just go back to horse and buggy. 
Oh wait, those too should be abolished based on that same logic.



- Original Message - 
From: "Michael Milligan" 

To: "Al Stu" 
Cc: 
Sent: Friday, January 30, 2009 10:20 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"




You just don't get it.  You are off wandering around in the weeds.

Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
MX selection algorithm in layman's terms to (perhaps) understand why
having MX records referencing CNAMEs is bad.

It may work right now for you, but referencing CNAMEs in MX records
eventually _will_ cause delivery loops the next time you accidentally
fat-finger a config.  If you continue to be hard-headed about this and
not listen to the 100s of years of collective wisdom dispensed, then go
ahead and leave yourself set up for a potential DoS against yourself,
we're not going to stop you...  and we're not going to feel sorry for
you either.

FIN

Regards,
Mike

Al Stu wrote:

Analyze this.

Query MX dns.com

Response MX nullmx.domainmanager.com

Query A nullmx.domainmanager.com

Response CNAME mta.dewile.net, A 64.40.103.249
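
The pruning step of the MX selection algorithm referred to above, as an added example (not from the thread or from "DNS and BIND"): it follows the RFC 974 rule that a mailer named in the MX set discards records with a preference greater than or equal to its own, and shows how an alias as the MX target defeats that self-recognition. All host names and records are constructed, and the function names are hypothetical.

```python
def normalize(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def resolve(name, cnames, limit=8):
    """Follow CNAMEs to the canonical name (bounded so a CNAME loop terminates)."""
    name = normalize(name)
    for _ in range(limit):
        if name not in cnames:
            return name
        name = normalize(cnames[name])
    return name


def relay_candidates(mx_rrset, local_host):
    """MX targets a mailer will try, lowest preference first.

    Pruning rule: if the local host is named as an MX target, drop every MX
    whose preference is >= its own. The comparison is on the literal target
    name; no CNAME is followed at this step.
    """
    me = normalize(local_host)
    own = [pref for pref, target in mx_rrset if normalize(target) == me]
    kept = [(p, t) for p, t in mx_rrset if not own or p < min(own)]
    return [normalize(t) for p, t in sorted(kept, key=lambda rec: rec[0])]


def loops_back_to_self(mx_rrset, local_host, cnames):
    """Candidates that, once resolved for the SMTP connection, are the mailer itself."""
    me = normalize(local_host)
    return [t for t in relay_candidates(mx_rrset, local_host)
            if resolve(t, cnames) == me]


# Constructed zone data (example.com and example.net are placeholders).
# backup.example.net is the secondary mail host for example.com.
CNAMES = {"mx2.example.com": "backup.example.net"}
MX_WITH_ALIAS = [(10, "mail.example.com."), (20, "mx2.example.com.")]    # target is a CNAME
MX_CANONICAL = [(10, "mail.example.com."), (20, "backup.example.net.")]  # target is the host name

if __name__ == "__main__":
    for label, rrset in (("alias", MX_WITH_ALIAS), ("canonical", MX_CANONICAL)):
        print(label,
              "candidates:", relay_candidates(rrset, "backup.example.net"),
              "loops back via:", loops_back_to_self(rrset, "backup.example.net", CNAMES))
```

With the alias, the backup host does not find its own name in the MX set, prunes nothing, and keeps a candidate that resolves to itself; with the canonical name it keeps only the preference-10 host.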







Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Al Stu
If I am trolling, that would make you a sucker/trash fish.  Was the bait tasty?

That sentence does not make sense.

  - Original Message - 
  From: Noel Butler 
  To: bind-users@lists.isc.org 
  Sent: Friday, January 30, 2009 11:12 PM
  Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"


  On Sat, 2009-01-31 at 16:55, Al Stu wrote: 
History is fraught with individuals or a few being ridiculed for putting 
forth that which goes against the conventional wisdom of the masses and so 
  You don't get to speak for anyone else but yourself,  just because you 
believe in your own trolling, don't assume agree with you, let alone "masses" 
of others 


--



Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Al Stu
And you would be one of those going to your grave still insisting that the 
world is still flat.  I'm sure there were many who thought similarly when it 
was being presented that the world was not flat.


- Original Message - 
From: "Danny Thomas" 

To: 
Sent: Friday, January 30, 2009 11:17 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"




Al Stu wrote:
History is fraught with individuals or a few being ridiculed for putting 
forth that which goes against the conventional wisdom of the masses and 
so called experts, only to be vindicated once the masses and so called 
experts get their head out where the sun is shining and exposed to the 
light of day.


Once upon a time the world was 'flat'.  For some of you, apparently is 
still is 'flat'.

and for every Einstein, Columbus, etc, there have been untold people whose
beliefs were not accepted. So whenever I see this line of argument advanced
in a simplistic way, particularly with a hint of an heroic struggle against
orthodoxy, I can't help thinking that the odds of "heretical views" being
vindicated is pretty low.

One belief yet to be accepted is the existence of Martian sand whales.

*really plonk*




Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Al Stu


And what business of yours would it be if I did?  That is pretty much the 
point here.  What business is it of yours, ISC, or anyone else if I chose to 
run my DNS with MX's pointing to CNAMES?  If it is a "bad" practice, fine so 
be it.  But it has practical and beneficial uses.  For ISC to deem it 
"illegal" is a fallacy and inappropriate.



- Original Message - 
From: "Jeff Lightner" 

To: "Danny Thomas" ; 
Sent: Saturday, January 31, 2009 7:05 AM
Subject: RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"




What?!

And all this time I just assumed it was the Martian Sand variety that
was being spoken of on all the "save the whales" bumper stickers.

Maybe Al will end up winning the Darwin Award for another one of his
avant-garde ideas.   He'll decide that the conventional wisdom that
exhausting his engine through a tail pipe instead of into the cabin is
the cause of global warming and modify his car...

-Original Message-
From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Danny Thomas
Sent: Saturday, January 31, 2009 2:18 AM
To: bind-users@lists.isc.org
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"

Al Stu wrote:

History is fraught with individuals or a few being ridiculed for
putting forth that which goes against the conventional wisdom of the
masses and so called experts, only to be vindicated once the masses
and so called experts get their head out where the sun is shining and
exposed to the light of day.

Once upon a time the world was 'flat'.  For some of you, apparently is
still is 'flat'.

and for every Einstein, Columbus, etc, there have been untold people whose
beliefs were not accepted. So whenever I see this line of argument advanced
in a simplistic way, particularly with a hint of an heroic struggle against
orthodoxy, I can't help thinking that the odds of "heretical views" being
vindicated is pretty low.
One belief yet to be accepted is the existence of Martian sand whales.

*really plonk*




A newbies Bind question

2009-01-31 Thread Peter Privat
Hi,
My first posting here! :)

I have installed the Bind9 DNS server into a Debian (Ubuntu 8.04)
server. I managed to make it work for all the computers that belong to
the same subnet, at a real internet IP subnet (not a private IP like 192
etc). It is also not behind a firewall. I have entered the DNS server IP
to all my computers attached to the same subnet. I can now both use my
private DNS server instead of the one from my ISP.

My question:
Is it possible for my friends out there somewhere in cyberspace to also
use my DNS server by entering its IP in their DNS settings?

So far I haven't managed to make it work. If another computer somewhere
out there in the cloud is entering the IP of my private DNS server into
their internet settings, they are not able to use that DNS server. It
doesn't provide DNS at all. Seems like it is blocked or doesn't allow
computers that are not on the same subnet, or something. Is there a
configuration that I've missed? How do the ISP's make their DNS servers
usable for everyone?

/Peter

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Matthew Pounsett


On 31-Jan-2009, at 13:18, Al Stu wrote:



And what business of yours would it be if I did?  That is pretty  
much the point here.  What business is it of yours, ISC, or anyone  
else if I chose to run my DNS with MX's pointing to CNAMES?  If it  
is a "bad" practice, fine so be it.  But it has practical and  
beneficial uses.  For ISC to deem it "illegal" is a fallacy and  
inappropriate.


ISC did not deem it illegal.  The IETF working group that designed the  
protocol deemed it illegal.  If you have a problem with it, take it up  
with the DNSEXT working group.


You have been presented with the means to turn off the behaviour.  Use  
that or don't; it's up to you.  Please stop whining about it.


*plonk*

 



Re: A newbies Bind question

2009-01-31 Thread Matthew Pounsett


On 31-Jan-2009, at 13:24, Peter Privat wrote:


My question:
Is it possible for my friends out there somewhere in cyberspace to  
also use my DNS server by entering its IP in their DNS settings?


So far I haven't managed to make it work. If another computer  
somewhere out there in the cloud is entering the IP of my private  
DNS server into their internet settings, they are not able to use  
that DNS server. It doesn't provide DNS at all. Seems like it is  
blocked or doesn't allow computers that are not on the same subnet,  
or something. Is there a configuration that I've missed? How do the  
ISP's make their DNS servers usable for everyone?


By default, BIND blocks IP addresses that aren't on a local network  
from using it for recursion.  Setting up an open DNS server which  
permits anyone to use it creates an easy vector for your DNS server to  
be used in Denial of Service attacks, so the default is to be  
completely closed.  It is not recommended to open up your DNS server  
to the world.  If your friends have static IP addresses (i.e. the IP  
addresses of their computers aren't ever changed by their ISP) then  
you can allow them in using the 'allow-query' and 'allow-recursion'  
options.


There's HTML documentation for the 'options' grammar at 
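
One way to check a configuration for the open-resolver setting the reply warns about, as an added example (not part of the original message and not ISC code). The two named.conf snippets, the "friends" ACL and its addresses are constructed, the function names are hypothetical, and the parser handles flat address-match lists only.

```python
import re

# Address-match elements that admit every client.
OPEN = {"any", "0.0.0.0/0", "::/0"}
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}\s*;')
OPT_RE = re.compile(r"\b(allow-recursion|allow-query)\s*\{([^{}]*)\}\s*;")


def elements(body):
    """Split the body of an address-match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]


def audit(conf_text):
    """Return {option: 'open' | 'restricted' | 'default'} ('default' = not set here)."""
    text = COMMENTS.sub("", conf_text)
    acls = {name: elements(body) for name, body in ACL_RE.findall(text)}

    def is_open(items, seen=()):
        for item in items:
            if item.startswith("!"):          # a negated element never grants access
                continue
            if item.lower() in OPEN:
                return True
            if item in acls and item not in seen:
                if is_open(acls[item], seen + (item,)):   # follow named ACLs
                    return True
        return False

    findings = {"allow-recursion": "default", "allow-query": "default"}
    for option, body in OPT_RE.findall(text):
        if is_open(elements(body)):
            findings[option] = "open"
        elif findings[option] != "open":
            findings[option] = "restricted"
    return findings


# Constructed: the weak setting, open to the whole Internet.
OPEN_CONF = """
options {
    recursion yes;
    allow-query     { any; };
    allow-recursion { any; };   // anyone may recurse through this server
};
"""

# Constructed: local clients plus friends with static addresses (documentation ranges).
RESTRICTED_CONF = """
acl "friends" { 192.0.2.10; 198.51.100.0/28; };
options {
    recursion yes;
    allow-query     { localhost; localnets; friends; };
    allow-recursion { localhost; localnets; friends; };
};
"""

if __name__ == "__main__":
    print("open conf:      ", audit(OPEN_CONF))
    print("restricted conf:", audit(RESTRICTED_CONF))
```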






Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Noel Butler
On Sun, 2009-02-01 at 04:08, Al Stu wrote:

>  
> If I am trolling, that would make you a sucker/trash fish.  Was the
> bait tasty?
>  
> That sentence does not make sense.
>  


it does, i love to go fishing when i'm bored, and are so full of it
you're everywhere in the lil pond.

I have not read your shit for over a week since I was busy, but you'll
never learn, IOW go cry to someone who might actually give a flying F. 
you can not be that thick, the fact you are still trolling about it
indicates that exactly is what you are




> - Original Message - 
> From: Noel Butler
> To: bind-users@lists.isc.org
> Sent: Friday, January 30, 2009 11:12 PM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records
> are NOT "Illegal"
> 
> On Sat, 2009-01-31 at 16:55, Al Stu wrote: 
> 
> > History is fraught with individuals or a few being ridiculed for 
> putting 
> > forth that which goes against the conventional wisdom of the masses 
> and so 
> 
> 
> You don't get to speak for anyone else but yourself,  just
> because you believe in your own trolling, don't assume agree
> with you, let alone "masses" of others 
> 
> 

Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

2009-01-31 Thread Noel Butler
On Sun, 2009-02-01 at 04:05, Al Stu wrote:

> The basic argument that because it can be misused, abused, criminally 
> exploited, etc., it should be abolished, not permitted, and deemed "illegal" 
> by a group of people who should not have that authority, even though it has 
> practical and beneficial uses is absurd.  By that same logic automobiles 
> should also be abolished and we should all just go back to horse and buggy. 
> Oh wait, those too should be abolished based on that same logic.
> 
> 


FFS.. piss off



> - Original Message - 
> From: "Michael Milligan" 
> To: "Al Stu" 
> Cc: 
> Sent: Friday, January 30, 2009 10:20 AM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
> "Illegal"
> 
> 
> > You just don't get it.  You are off wandering around in the weeds.
> >
> > Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
> > MX selection algorithm in layman's terms to (perhaps) understand why
> > having MX records referencing CNAMEs is bad.
> >
> > It may work right now for you, but referencing CNAMEs in MX records
> > eventually _will_ cause delivery loops the next time you accidentally
> > fat-finger a config.  If you continue to be hard-headed about this and
> > not listen to the 100s of years of collective wisdom dispensed, then go
> > ahead and leave yourself set up for a potential DoS against yourself,
> > we're not going to stop you...  and we're not going to feel sorry for
> > you either.
> >
> > FIN
> >
> > Regards,
> > Mike
> >
> > Al Stu wrote:
> >> Analyze this.
> >>
> >> Query MX dns.com
> >>
> >> Response MX nullmx.domainmanager.com
> >>
> >> Query A nullmx.domainmanager.com
> >>
> >> Response CNAME mta.dewile.net, A 64.40.103.249
> >>
> > 
> 