Hi, this is an upstream issue, please report this to https://gitlab.isc.org and report the URL back here.
Ondřej
--
Ondřej Surý (He/Him)

> On 10. 12. 2023, at 10:12, E Harris <ehar...@puremagic.com> wrote:
>
> Package: bind9
> Version: 1:9.18.19-1~deb12u1
> Severity: normal
>
> When bind9/named is configured to log category rpz messages to a file, some
> rpz log messages are not captured and sent to the intended destination.
>
> Example:
>
> Add the following stanza in named.conf.options:
>
> logging {
>     channel rpzlog {
>         file "/var/log/named/rpz.log" versions unlimited size 100m;
>         print-time yes;
>         print-category yes;
>         print-severity yes;
>         severity info;
>     };
>     category rpz { rpzlog; };
> };
>
> With this configuration for logging, most rpz log messages are properly
> sent to the intended file (NXDOMAIN items), but some rpz messages are not.
> So far, the ones that seem not to be properly captured by this log destination
> are rpz "passthru" lookups.
>
> Example log messages that end up in the default syslog/journald rather than
> the configured log file:
>
> Dec 10 01:29:41 somehostn named[327739]: client @0x7fee327a6568
> 127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite
> some.domain.name/A/IN via some.domain.name.rpz.local
> Dec 10 01:29:41 somehost named[327739]: client @0x7fee32785768
> 127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite
> some.domain.name/AAAA/IN via some.domain.name.rpz.local
>
> Example rpz entry that generates log entries that fail to go to the rpz
> category/destination:
> some.domain.name CNAME rpz-passthru.
>
> Example rpz entry that generates log entries that do go to the proper rpz
> category/destination:
> other.domain.name CNAME .
>
>
> -- System Information:
> Debian Release: 12.3
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
> 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.10.0-26-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
> TAINT_UNSIGNED_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages bind9 depends on:
> ii adduser 3.134
> ii bind9-libs 1:9.18.19-1~deb12u1
> ii bind9-utils 1:9.18.19-1~deb12u1
> ii debconf [debconf-2.0] 1.5.82
> ii dns-root-data 2023010101
> ii init-system-helpers 1.65.2
> ii iproute2 6.1.0-3
> ii libc6 2.36-9+deb12u3
> ii libcap2 1:2.66-4
> ii libfstrm0 0.6.1-1
> ii libjson-c5 0.16-2
> ii liblmdb0 0.9.24-1
> ii libmaxminddb0 1.7.1-1
> ii libnghttp2-14 1.52.0-1+deb12u1
> ii libprotobuf-c1 1.4.1-1+b1
> ii libssl3 3.0.11-1~deb12u2
> ii libsystemd0 252.19-1~deb12u1
> ii libuv1 1.44.2-1
> ii libxml2 2.9.14+dfsg-1.3~deb12u1
> ii lsb-base 11.6
> ii netbase 6.4
> ii sysvinit-utils [lsb-base] 3.06-4
> ii zlib1g 1:1.2.13.dfsg-1
>
> bind9 recommends no packages.
>
> Versions of packages bind9 suggests:
> pn bind-doc <none>
> ii bind9-dnsutils [dnsutils] 1:9.18.19-1~deb12u1
> ii dnsutils 1:9.18.19-1~deb12u1
> ii resolvconf 1.91+nmu1
> ii ufw 0.36.2-1
>
> -- Configuration Files:
> /etc/bind/db.root [Errno 13] Permission denied: '/etc/bind/db.root'
> /etc/bind/named.conf changed [not included]
> /etc/bind/named.conf.local changed [not included]
> /etc/bind/named.conf.options [Errno 13] Permission denied:
> '/etc/bind/named.conf.options'
>
> -- debconf-show failed
>
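
The routing gap reported above can be checked for mechanically: with `category rpz { rpzlog; };` in place, no rpz rewrite message should reach syslog/journald. The Python below is an added example, not part of the original message or of BIND; its sample lines are constructed from the ones quoted in the report, and the line prefix assumed for the file channel is an assumption.

```python
import re
from collections import Counter

# Body of an rpz rewrite message, independent of the syslog or file-channel prefix.
RPZ_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9A-Fa-f.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): rpz (?P<trigger>\S+) (?P<action>\S+) rewrite "
    r"(?P<name>[^/\s]+)/(?P<qtype>[^/\s]+)/(?P<qclass>\S+) via (?P<via>\S+)"
)

def parse_rpz(line):
    """Return the fields of an rpz rewrite message, or None for other lines."""
    m = RPZ_RE.search(line)
    return m.groupdict() if m else None

def leaked_rpz(syslog_lines, rpz_file_lines):
    """Summarise rpz messages found in syslog as (action, count, also_in_file)."""
    in_file = {e["action"] for e in map(parse_rpz, rpz_file_lines) if e}
    leaked = Counter(e["action"] for e in map(parse_rpz, syslog_lines) if e)
    return [(a, n, a in in_file) for a, n in sorted(leaked.items())]

# Constructed samples: the PASSTHRU lines follow the report, joined onto one line each.
SYSLOG = [
    "Dec 10 01:29:40 somehost named[327739]: all zones loaded",
    "Dec 10 01:29:41 somehost named[327739]: client @0x7fee327a6568 127.0.0.1#35809 "
    "(some.domain.name): rpz QNAME PASSTHRU rewrite some.domain.name/A/IN "
    "via some.domain.name.rpz.local",
    "Dec 10 01:29:41 somehost named[327739]: client @0x7fee32785768 127.0.0.1#35809 "
    "(some.domain.name): rpz QNAME PASSTHRU rewrite some.domain.name/AAAA/IN "
    "via some.domain.name.rpz.local",
]
# Constructed; the prefix written by print-time/print-category/print-severity is assumed.
RPZ_FILE = [
    "10-Dec-2023 01:29:42.000 rpz: info: client @0x7fee327a6568 127.0.0.1#35809 "
    "(other.domain.name): rpz QNAME NXDOMAIN rewrite other.domain.name/A/IN "
    "via other.domain.name.rpz.local",
]

if __name__ == "__main__":
    for action, count, also_in_file in leaked_rpz(SYSLOG, RPZ_FILE):
        print(f"{action}: {count} rpz message(s) in syslog, seen in rpz.log: {also_in_file}")
```

Any action reported with `also_in_file` false is a policy action whose hits are missing from the dedicated file, so anything consuming only `rpz.log` will not see them.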