Re: Question regarding newsyslog.conf and Bind logs
Hello J

What is it you're actually trying to achieve here?

Cheers, Greg

On Thu, 25 Aug 2022 at 04:24, J Doe wrote:
> Hello,
>
> I was wondering if anyone could provide feedback on whether the
> following newsyslog.conf file is correct to allow for daily log
> rotation for my Bind 9.16.30 logs?
>
> My current logging settings in named.conf are:
>
> ...
> logging {
>     channel chn_file_queries {
>         buffered no;
>         file "/var/queries.log"
>             versions 2 size 1g suffix increment;
>         print-category yes;
>         print-severity yes;
>         print-time yes;
>         severity info;
>     };
>     ...
> };
> ...
>
> newsyslog.conf examples tend to make use of pkill, but I note in the
> Bind ARM and man page that signals are deprecated in favor of rndc.
>
> I am *thinking* the following should work for newsyslog.conf:
>
> /var/named/var/queries.log    640  7  *  $D0  Z  "/usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true"
>
> So settings:
>
> Log path:   my Bind is running in chroot
> File mode:  0640
> Log count:  7 (1 per day)
> Size limit: none
> Frequency:  $D0 (daily)
> Flags:      z to compress
> Binary:     rndc (instead of pkill)
>
> Is this correct?
>
> Thank you,
>
> - J
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
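Added example, not part of the thread and not J's or ISC's code: the newsyslog.conf entry quoted above, split into its fields and checked against what J says he wants (daily schedule, gzip of the old copy, rndc rather than a pid file and a signal). It assumes the field layout of OpenBSD's newsyslog.conf(5), `logfile [owner:group] mode count size when flags [pidfile | "command"]`, where a double-quoted last field is a command newsyslog runs after rotating; SAMPLE is constructed from J's line.

```shell
#!/bin/sh
# Added example (not from the thread): split a newsyslog.conf(5) entry into its
# fields and check the parts that matter for a BIND query log rotated daily.
# Assumed field layout (OpenBSD newsyslog.conf(5)):
#   logfile [owner:group] mode count size when flags [pidfile | "command"]
# SAMPLE is constructed from J's line; mode, count, schedule and command are his.

SAMPLE='/var/named/var/queries.log    640  7  *  $D0  Z  "/usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true"'

# Print the double-quoted post-rotation command of an entry; prints nothing
# when the last field is a pid file (newsyslog then sends a signal instead).
entry_command() {
    printf '%s\n' "$1" | sed -n 's/^[^"]*"\(.*\)"[[:space:]]*$/\1/p'
}

# Print the unquoted fields of an entry, one per line, dropping any "command".
entry_fields() {
    printf '%s\n' "$1" | sed 's/[[:space:]]*".*$//' | tr -s '[:space:]' '\n'
}

# Return 0 when the entry expresses "daily, gzip the old copy, tell named via
# rndc"; otherwise report each mismatch on stderr and return 1.
check_bind_entry() {
    line=$1
    cmd=$(entry_command "$line")
    set -f                          # the "*" size field must not glob
    set -- $(entry_fields "$line")
    set +f
    logfile=$1; shift
    case $1 in *:*) shift ;; esac   # optional owner:group column
    mode=$1 count=$2 size=$3 when=$4 flags=$5
    ok=1
    case $mode in
        [0-7][0-7][0-7] | [0-7][0-7][0-7][0-7]) ;;
        *) echo "$logfile: mode '$mode' is not octal" >&2; ok=0 ;;
    esac
    case $count in
        ''|*[!0-9]*) echo "$logfile: count '$count' is not a number" >&2; ok=0 ;;
    esac
    case $size in
        '*') ;;                     # no size limit, rotate on schedule only
        ''|*[!0-9]*) echo "$logfile: size '$size' is neither * nor a number" >&2; ok=0 ;;
    esac
    case $when in
        '$D'[0-9]*) ;;              # $Dhh = every day at hour hh
        *) echo "$logfile: when '$when' is not a daily \$D schedule" >&2; ok=0 ;;
    esac
    case $flags in
        *Z*) ;;
        *) echo "$logfile: flags '$flags' lack Z, old logs stay uncompressed" >&2; ok=0 ;;
    esac
    case $cmd in
        *rndc*) ;;
        *) echo "$logfile: no rndc command; newsyslog would signal a pid file instead" >&2; ok=0 ;;
    esac
    [ "$ok" = 1 ]
}

check_bind_entry "$SAMPLE" && echo "entry for $(entry_fields "$SAMPLE" | sed -n '1p') looks consistent"
```

One thing the check cannot see is what happens when the quoted command fails: the `|| true` at its end keeps newsyslog happy but also hides an rndc that could not reach named (not running, wrong key, control channel down). Until named reopens the file it keeps writing to the renamed copy, so after a silent failure the fresh queries.log stays empty; dropping the `2>/dev/null` or piping failures to logger(1) makes that visible in syslog.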
Re: Question regarding newsyslog.conf and Bind logs
On 25/08/2022 05:23, J Doe wrote:

Hello J Doe,

> I was wondering if anyone could provide feedback on whether the
> following newsyslog.conf file is correct to allow for daily log
> rotation for my Bind 9.16.30 logs?
>
> My current logging settings in named.conf are:
>
> ...
> logging {
>     channel chn_file_queries {
>         buffered no;
>         file "/var/queries.log"
>             versions 2 size 1g suffix increment;

This configuration makes BIND rotate the file by itself, when it grows
bigger than 1 GB. You do NOT need any external tool like newsyslog to
do log file rotation.

Regards,
Anand
BIND >= 9.18, jemalloc and EL7
Dear BIND developers and users,

My question is about jemalloc on Enterprise Linux 7 (RHEL 7 and its
clones). I've built BIND 9.18.6 on CentOS 7. It links against jemalloc
3.6.0, which is available in the EPEL repository.

BIND does run without any problems, but I've only tried it with a
handful of zones, and no significant traffic.

Is anyone aware of any problems that could be caused by using this
older version of jemalloc?

Regards,
Anand
Re: BIND >= 9.18, jemalloc and EL7
Hi Anand,

I think there's only a risk that ISC doesn't regularly test with older
jemalloc versions, so you might get hit by a bug we are not aware of.
Upstream recommends upgrading to at least 5.1.0, and further releases
(up to 5.3.0) fix some bugs introduced in 5.x releases, but it's
ultimately your decision.

It's a little bit similar with libuv - you will be better off running
with the latest upstream release, but you can get away with older
versions too.

Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org

My working hours and your working hours may be different. Please do not
feel obligated to reply outside your normal working hours.

> On 25. 8. 2022, at 14:44, Anand Buddhdev wrote:
>
> Dear BIND developers and users,
>
> My question is about jemalloc on Enterprise Linux 7 (RHEL 7 and its
> clones). I've built BIND 9.18.6 on CentOS 7. It links against jemalloc
> 3.6.0, which is available in the EPEL repository.
>
> BIND does run without any problems, but I've only tried it with a
> handful of zones, and no significant traffic.
>
> Is anyone aware of any problems that could be caused by using this
> older version of jemalloc?
>
> Regards,
> Anand
Re: Mailing list questions (DMARC, ARC, more?)
Thanks Ged for all the feedback. The lack of interest by others proves
that From: munging is not so much of a nuisance as they say...

Best
Ale

On Tue 23/Aug/2022 16:39:33 +0200 Bind Users wrote:
> Hi there,
>
> On Tue, 23 Aug 2022, Alessandro Vesely wrote:
>> I see the list operates both From: munging and ARC sealing. While
>> I'm clear about the former, I'm curious about how ARC works: Do any
>> subscribers trust the seal by isc.org?
>
> When it comes to email, I don't trust *anything*. :)
>
> Generally speaking I think these technological fixes are very much
> over-engineered as compared with, say, inspecting the headers. :/
>
> We check the ARC seal and I would be alerted to a failure. That's
> all. There have been two failures since ISC implemented ARC - the
> first two ARC-signed messages we received, on 25th April - all after
> that passed:
>
> Date: Mon, 22 Aug 2022 12:00:00 +
> X-ARCverify: pass (All ARC Seals and the most recent ARC Signature passed verification)
>
> There were a few DKIM failures in the early days too, I don't
> remember if I investigated any of the failures.
>
>> In that case, do they get non-munged messages?
>
> Nope. I'm on the digest list anyway.
>
>> Are there other advantages that ARC brings about?
>
> It's a comfort to know that it's all working as designed, but I can't
> get excited about munged addresses. I've experienced no issues on
> the BIND list to which I've thought ARC might be relevant.
> Unfortunately that's by no means the case for some of the other
> lists to which I am (or have in the past been) subscribed.
>
>> Otherwise, RFC9057 introduced the Author: header field. Using it to
>> save the original From: would allow trusting receivers to de-munge
>> the message at a later stage. I'm trying to elaborate a draft[*] to
>> formalize such method. Would this list be interested in
>> experimenting that?
>
> I'm happy to use cut'n'paste for replies, but I can offer to help you
> with your testing. The milters here can do more or less anything. :)
>
> PS: Please don't be offended if mail sent directly to me is rejected.
> We can get around it.
>
> PPS: [Page 18] s/Content-Tyep:/Content-Type:/;
Re: BIND >= 9.18, jemalloc and EL7
Hi Ondřej,

Thank you for this explanation. I note that none of the official ISC
BIND packages for EL7 and EL8 link against jemalloc, even though the
documentation recommends it.

The jemalloc folks have deemed 3.6 as stable, and that's why it's the
latest version in EPEL7. For EPEL8 and EPEL9, the jemalloc folks deemed
version 5.2.1 as stable, and that's what's available.

I suppose that on this basis, it *should* be okay to build and use BIND
with jemalloc on all these versions. However, I will give this some
more thought for our own RPMs, and see what we want to do. I'm leaning
towards building without jemalloc for EL7, and with for EL8 and EL9.

Regards,
Anand

On 25/08/2022 15:54, Ondřej Surý wrote:
> Hi Anand,
>
> I think there's only a risk that ISC doesn't regularly test with older
> jemalloc versions, so you might get hit by a bug we are not aware of.
> Upstream recommends upgrading to at least 5.1.0, and further releases
> (up to 5.3.0) fix some bugs introduced in 5.x releases, but it's
> ultimately your decision.
>
> It's a little bit similar with libuv - you will be better off running
> with the latest upstream release, but you can get away with older
> versions too.
Re: BIND >= 9.18, jemalloc and EL7
Hi Anand,

> I note that none of the official ISC BIND packages for EL7 and EL8
> link against jemalloc, even though the documentation recommends it.

Could you please double check? This is what I get in a fresh CentOS 7
Docker container:

    # yum install yum-plugin-copr
    # yum copr enable isc/bind
    # yum install epel-release
    # yum install isc-bind
    # scl enable isc-bind -- bash
    # named -v
    BIND 9.18.6 (Stable Release)
    # ldd $(command -v named) | grep jemalloc
            libjemalloc.so.1 => /lib64/libjemalloc.so.1 (0x7f1a9d18)

I also checked on RHEL 8 and the result is the same.

Copr build logs for BIND 9.18.6 also confirm that named is linked
against jemalloc:

https://download.copr.fedorainfracloud.org/results/isc/bind/epel-7-x86_64/04742380-isc-bind-bind/builder-live.log.gz
https://download.copr.fedorainfracloud.org/results/isc/bind/epel-8-x86_64/04742380-isc-bind-bind/builder-live.log.gz

--
Best regards,
Michał Kępień
Re: Question regarding newsyslog.conf and Bind logs
On 2022-08-25 03:05, Greg Choules wrote:
> Hello J
>
> What is it you're actually trying to achieve here?
>
> Cheers, Greg

Hi Greg,

I'm looking to have my queries.log (which logs all the queries my Bind
9.16.30 recursive resolver resolves) rotated at the end of the day, and
I'd like to keep 7 days' worth of those logs.

I didn't see anywhere in the log rotation options for named.conf that
mentioned rotation based on *time*. I saw I can configure rotations
based on the size of the file, but I'd like rotation to happen once
every 24 hours.

With that in mind, I believe I could change the logging stanza from:

    file "/var/queries.log" versions 2 size 1G suffix increment;

to (syntax might be incorrect):

    file "/var/queries.log" size 1G;

I still want any daily log *before* it's rotated to be a maximum size
of 1 GB.

I believe my newsyslog.conf line to rotate the logs daily is correct,
except I wasn't entirely sure what the rndc equivalent of sending
SIGHUP to Bind was, as the ARM and man page note that sending signals
to control Bind is deprecated.

Thanks,

- J
Re: Question regarding newsyslog.conf and Bind logs
On 2022-08-25 04:52, Anand Buddhdev wrote:
> On 25/08/2022 05:23, J Doe wrote:
>
> Hello J Doe,
>
>> I was wondering if anyone could provide feedback on whether the
>> following newsyslog.conf file is correct to allow for daily log
>> rotation for my Bind 9.16.30 logs?
>>
>> My current logging settings in named.conf are:
>>
>> ...
>> logging {
>>     channel chn_file_queries {
>>         buffered no;
>>         file "/var/queries.log"
>>             versions 2 size 1g suffix increment;
>
> This configuration makes BIND rotate the file by itself, when it grows
> bigger than 1 GB. You do NOT need any external tool like newsyslog to
> do log file rotation.
>
> Regards,
> Anand

Hi Anand,

Yes, I am aware that the logging stanza I listed for the query log will
do the rotation when the log reaches 1 GB, and then it will rotate it
and store two logs in total.

What I would like to introduce is rotation based on time. So after 24
hours, newsyslog would compress and rotate the logs and keep them for 7
days before removing the oldest. That way I always have a week's worth
of query data in separate logs by day.

Was my newsyslog.conf file correct for that?

Thanks,

- J
RE: Question regarding newsyslog.conf and Bind logs
J wrote:
> I'm looking to have my queries.log (which logs all the queries my Bind
> 9.16.30 recursive resolver resolves) rotated at the end of the day and
> I'd like to keep 7 days' worth of those logs.
{snip}
> I still want any daily log *before* it's being rotated to be a maximum
> size of 1 GB.

Hi J,

I'm coming a little late to the party on this one and I think you might
struggle to do rotation based on both date/time *and* file size, but I
use logrotate to rotate all of my BIND logs daily, keeping 31 days of
logs. And you'll see that one of the last things that logrotate does is
to call [rndc reconfig], which causes BIND to generate fresh log files
in place of the rotated ones.

My BIND logging itself is set up based largely on the configuration
described here:
https://kb.isc.org/docs/aa-01526

My logrotate.conf file then looks like the following, which itself is
based on this:
https://ixnfo.com/en/logrotate-bind9.html

#-
# RTAN BIND 9 daily log rotation
#
# Note that the log file won't rotate until at least one day AFTER you set this for the first time.
# Eg if you create this file on a Wednesday then they won't rotate for the first time until THURSDAY night:
# https://serverfault.com/questions/375004/logrotate-not-rotating-the-logs
#-

/var/log/named/*.log
{
    olddir /var/log/named/archived
    compress
    create 0644 bind bind
    daily
    dateext
    missingok
    notifempty
    rotate 31
    sharedscripts
    postrotate
        /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
    endscript
}
#-

Best,
Richard.
Re: Question regarding newsyslog.conf and Bind logs
On 2022-08-25 16:46, Richard T.A. Neal wrote:
> Hi J,
>
> I'm coming a little late to the party on this one and I think you might
> struggle to do rotation based on both date/time *and* file size, but I
> use logrotate to rotate all of my BIND logs daily, keeping 31 days of
> logs. And you'll see that one of the last things that logrotate does is
> to call [rndc reconfig], which causes BIND to generate fresh log files
> in place of the rotated ones.
>
> My BIND logging itself is set up based largely on the configuration
> described here:
> https://kb.isc.org/docs/aa-01526
>
> My logrotate.conf file then looks like the following, which itself is
> based on this:
> https://ixnfo.com/en/logrotate-bind9.html
>
> #-
> # RTAN BIND 9 daily log rotation
> #
> # Note that the log file won't rotate until at least one day AFTER you set this for the first time.
> # Eg if you create this file on a Wednesday then they won't rotate for the first time until THURSDAY night:
> # https://serverfault.com/questions/375004/logrotate-not-rotating-the-logs
> #-
>
> /var/log/named/*.log
> {
>     olddir /var/log/named/archived
>     compress
>     create 0644 bind bind
>     daily
>     dateext
>     missingok
>     notifempty
>     rotate 31
>     sharedscripts
>     postrotate
>         /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
>     endscript
> }
> #-
>
> Best,
> Richard.

Hi Richard,

Thank you for your reply. I am not attempting to configure the server
so that rotation is based on size *and* time. The size configuration in
the logging stanza was more to put an upper limit on a log *before* it
is rotated. I could drop the parts that mention 2 versions and
incrementing the filename and just keep: size 1G.

Let's say it's an extremely busy day and my Bind recursive resolver logs
are getting really big. I want the maximum size a day's logs can be
*before* they are compressed to be 1G. I am aware that if the server is
still under heavy load, queries past that point will not be logged.

Then, at the end of the day, newsyslog compresses the logs and rotates
them so that I keep 7 days' worth of compressed logs.

The logrotate your example uses looks good, but I'm on a very minimal
OpenBSD 7.1 host. I could add the logrotate package, but newsyslog is
in the base system and I already use it for doing the same kind of log
rotation for my firewall logs, so I was hoping to stick to newsyslog.

The postrotate directive in the logrotate example you sent me was what I
was basing my newsyslog config on, as it uses rndc and not pkill SIGHUP.

I am assuming it would work with newsyslog, or am I incorrect about that?

Thanks again,

- J
Re: Question regarding newsyslog.conf and Bind logs
Hi again J.

If I understand correctly, you want to enable querylog on a busy
recursive server permanently, rotate the files once a day and don't
care if you lose some logs because the number of queries on a busy day
generates more data than the specified log file is allowed to contain.
My question has to be, why?

Firstly, querylog is not an efficient way to record information about
what your clients are doing; dnstap is far more efficient if you want a
record of some or all information about queries and/or their responses.
If using files to retain this information, the rotation choices are the
same as for channels. If your server is only handling a few 10s or 100s
QPS, querylog will do. But if it's handling 1000s of times more than
that you will cause it unnecessary extra stress, and dnstap is your
friend.

Secondly, if you insist on using querylog (actually, this also applies
to dnstap), why not just leave named to rotate the files based on size
and number, allowing for the set of files to be easily large enough to
contain (say) a week's worth of data. Then you could run a cron job to
grep today's logs and do what you want with them. You don't have to
worry about other processes sending commands to named to cause
something to happen, it just gets on with it.

/soapbox.

On Thu, 25 Aug 2022 at 22:08, J Doe wrote:
> On 2022-08-25 16:46, Richard T.A. Neal wrote:
>> Hi J,
>>
>> I'm coming a little late to the party on this one and I think you might
>> struggle to do rotation based on both date/time *and* file size, but I
>> use logrotate to rotate all of my BIND logs daily, keeping 31 days of
>> logs. And you'll see that one of the last things that logrotate does is
>> to call [rndc reconfig], which causes BIND to generate fresh log files
>> in place of the rotated ones.
>>
>> My BIND logging itself is set up based largely on the configuration
>> described here:
>> https://kb.isc.org/docs/aa-01526
>>
>> My logrotate.conf file then looks like the following, which itself is
>> based on this:
>> https://ixnfo.com/en/logrotate-bind9.html
>>
>> #-
>> # RTAN BIND 9 daily log rotation
>> #
>> # Note that the log file won't rotate until at least one day AFTER you set this for the first time.
>> # Eg if you create this file on a Wednesday then they won't rotate for the first time until THURSDAY night:
>> # https://serverfault.com/questions/375004/logrotate-not-rotating-the-logs
>> #-
>>
>> /var/log/named/*.log
>> {
>>     olddir /var/log/named/archived
>>     compress
>>     create 0644 bind bind
>>     daily
>>     dateext
>>     missingok
>>     notifempty
>>     rotate 31
>>     sharedscripts
>>     postrotate
>>         /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true
>>     endscript
>> }
>> #-
>>
>> Best,
>> Richard.
>
> Hi Richard,
>
> Thank you for your reply. I am not attempting to configure the server
> so that rotation is based on size *and* time. The size configuration in
> the logging stanza was more to put an upper limit on a log *before* it
> is rotated. I could drop the parts that mention 2 versions and
> incrementing the filename and just keep: size 1G.
>
> Let's say it's an extremely busy day and my Bind recursive resolver logs
> are getting really big. I want the maximum size a day's logs can be
> *before* they are compressed to be 1G. I am aware that if the server is
> still under heavy load, queries past that point will not be logged.
>
> Then, at the end of the day, newsyslog compresses the logs and rotates
> them so that I keep 7 days' worth of compressed logs.
>
> The logrotate your example uses looks good, but I'm on a very minimal
> OpenBSD 7.1 host. I could add the logrotate package, but newsyslog is
> in the base system and I already use it for doing the same kind of log
> rotation for my firewall logs, so I was hoping to stick to newsyslog.
>
> The postrotate directive in the logrotate example you sent me was what I
> was basing my newsyslog config on, as it uses rndc and not pkill SIGHUP.
>
> I am assuming it would work with newsyslog, or am I incorrect about that?
>
> Thanks again,
>
> - J
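Added example, not part of the thread and not Greg's or ISC's code: the alternative Greg describes, where named keeps rotating queries.log by size and number on its own and a cron job pulls one day's lines out afterwards, so nothing has to send commands to named at rotation time. It assumes `suffix increment` naming (queries.log, queries.log.0, queries.log.1, ...) and `print-time yes`, so every line starts with a BIND timestamp such as `25-Aug-2022 10:00:00.123`; the query-log lines it works on are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): extract one day's query-log lines from
# the set of files named rotates by itself, the way a nightly cron job would.
# Assumes "suffix increment" file names and "print-time yes" timestamps.
# The sample lines written by make_sample_logs are constructed.

# Populate directory $1 with a small constructed set of query-log files:
# queries.log.1 is the oldest, queries.log the one named is writing now.
make_sample_logs() {
    dir=$1
    printf '%s\n' \
      '24-Aug-2022 23:59:58.100 queries: info: client @0x1 192.0.2.10#40001 (example.com): query: example.com IN A +E(0) (192.0.2.1)' \
      '25-Aug-2022 00:00:01.200 queries: info: client @0x2 192.0.2.11#40002 (example.net): query: example.net IN AAAA +E(0) (192.0.2.1)' \
      > "$dir/queries.log.1"
    printf '%s\n' \
      '25-Aug-2022 11:30:00.300 queries: info: client @0x3 192.0.2.12#40003 (example.org): query: example.org IN MX +E(0) (192.0.2.1)' \
      > "$dir/queries.log.0"
    printf '%s\n' \
      '25-Aug-2022 23:59:59.400 queries: info: client @0x4 192.0.2.13#40004 (www.example.com): query: www.example.com IN A +E(0) (192.0.2.1)' \
      '26-Aug-2022 00:00:00.500 queries: info: client @0x5 192.0.2.14#40005 (example.com): query: example.com IN TXT +E(0) (192.0.2.1)' \
      > "$dir/queries.log"
}

# Print every query-log line for day $2 (DD-Mon-YYYY) found under $1, in time
# order, whichever rotated file named left it in. A day's lines can straddle a
# size-based rotation, so all files are searched, not just the newest.
queries_for_day() {
    dir=$1 day=$2
    for f in "$dir"/queries.log "$dir"/queries.log.[0-9]*; do
        [ -f "$f" ] || continue
        # grep exits 1 for "no match", which is fine; anything else is an error
        grep -h "^$day " "$f" || [ $? -eq 1 ]
    done | LC_ALL=C sort
}

# Compress one day's lines into $3/queries-DAY.log.gz and print the line count.
archive_day() {
    dir=$1 day=$2 outdir=$3
    out="$outdir/queries-$day.log.gz"
    queries_for_day "$dir" "$day" | gzip -c > "$out"
    gzip -dc "$out" | wc -l | tr -d ' '
}

# Stand-alone demo on a temporary directory of constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "lines for 25-Aug-2022: $(queries_for_day "$demo_dir" 25-Aug-2022 | wc -l | tr -d ' ')"
rm -rf "$demo_dir"
```

Run from cron shortly after midnight as `archive_day /var/named/var "$(date -d yesterday +%d-%b-%Y)" /var/archive` (GNU date shown; on OpenBSD use `date -r`), the archive directory holds one compressed file per day and can be pruned with find(1) after seven days, while named's own `versions`/`size` settings cap the disk the live logs can use. Because the cut is made by timestamp rather than by file, the size-based rotation inside named never splits a day across archives.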
Re: Question regarding newsyslog.conf and Bind logs
On 2022-08-25 18:04, Greg Choules wrote:
> Hi again J.
>
> If I understand correctly, you want to enable querylog on a busy
> recursive server permanently, rotate the files once a day and don't
> care if you lose some logs because the number of queries on a busy day
> generates more data than the specified log file is allowed to contain.
> My question has to be, why?
>
> Firstly, querylog is not an efficient way to record information about
> what your clients are doing; dnstap is far more efficient if you want a
> record of some or all information about queries and/or their responses.
> If using files to retain this information, the rotation choices are the
> same as for channels. If your server is only handling a few 10s or 100s
> QPS, querylog will do. But if it's handling 1000s of times more than
> that you will cause it unnecessary extra stress, and dnstap is your
> friend.
>
> Secondly, if you insist on using querylog (actually, this also applies
> to dnstap), why not just leave named to rotate the files based on size
> and number, allowing for the set of files to be easily large enough to
> contain (say) a week's worth of data. Then you could run a cron job to
> grep today's logs and do what you want with them. You don't have to
> worry about other processes sending commands to named to cause
> something to happen, it just gets on with it.
>
> /soapbox.

Hi Greg,

Yes, that's correct. The size limit for the busy day is actually much
larger than I think it would ever get. I want a size limit to ensure
that the query logs are not eating up too much disk space. The size
limit of a day's log will never get that high, but if it does, the disk
is not filled up. In that case, I understand logging for that day may
be incomplete because Bind would stop logging if it did get to 1 G, but
for this server and the purpose it serves, it's never going to reach
1 G. I like to have an upper bound on logs to prevent the disk from
being filled up.

I am familiar with dnstap but am looking for a simpler solution at this
time. I agree it is probably the most correct tool for most jobs, but in
this case text logs for queries are fine.

I could also do as you suggest with cron and grep, but I'm not concerned
with sending commands via a separate process (rndc) as that is the
current method of sending commands to Bind.

The big goal is to have compressed logs for 24 hours of queries, holding
onto that data for a week. I think that's achievable by newsyslog.

It would be great to know if:

    /usr/sbin/rndc reconfig > /dev/null 2>/dev/null || true

...is the correct trigger for named to open a new log. Can anyone
provide feedback on that?

Thanks,

- J