Hi,

This is an upstream issue. Please report this to https://gitlab.isc.org and
report the URL back here.

Ondřej
--
Ondřej Surý (He/Him)

> On 10. 12. 2023, at 10:12, E Harris <ehar...@puremagic.com> wrote:
> 
> Package: bind9
> Version: 1:9.18.19-1~deb12u1
> Severity: normal
> 
> When bind9/named is configured to log category rpz messages to a file, some
> rpz log messages are not captured and sent to the intended destination.
> 
> Example:
> 
> Add the following stanza in named.conf.options:
> 
> logging {
>        channel rpzlog {
>            file "/var/log/named/rpz.log" versions unlimited size 100m;
>            print-time yes;
>            print-category yes;
>            print-severity yes;
>            severity info;
>        };
>        category rpz { rpzlog; };
> };
> 
> With this configuration for logging, most rpz log messages are properly
> sent to the intended file (NXDOMAIN items), but some rpz messages are not.
> So far, the ones that seem not to be properly captured by this log destination
> are rpz "passthru" lookups.
> 
> Example log messages that end up in the default syslog/journald rather than
> the configured log file:
> 
> Dec 10 01:29:41 somehostn named[327739]: client @0x7fee327a6568 127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite some.domain.name/A/IN via some.domain.name.rpz.local
> Dec 10 01:29:41 somehost named[327739]: client @0x7fee32785768 127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite some.domain.name/AAAA/IN via some.domain.name.rpz.local
> 
> Example rpz entry that generates log entries that fail to go to the rpz 
> category/destination:
> some.domain.name       CNAME   rpz-passthru.
> 
> Example rpz entry that generates log entries that do go to the proper rpz 
> category/destination:
> other.domain.name      CNAME   .
> 
> 
> -- System Information:
> Debian Release: 12.3
>  APT prefers stable-updates
>  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
> 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.10.0-26-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
> TAINT_UNSIGNED_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages bind9 depends on:
> ii  adduser                    3.134
> ii  bind9-libs                 1:9.18.19-1~deb12u1
> ii  bind9-utils                1:9.18.19-1~deb12u1
> ii  debconf [debconf-2.0]      1.5.82
> ii  dns-root-data              2023010101
> ii  init-system-helpers        1.65.2
> ii  iproute2                   6.1.0-3
> ii  libc6                      2.36-9+deb12u3
> ii  libcap2                    1:2.66-4
> ii  libfstrm0                  0.6.1-1
> ii  libjson-c5                 0.16-2
> ii  liblmdb0                   0.9.24-1
> ii  libmaxminddb0              1.7.1-1
> ii  libnghttp2-14              1.52.0-1+deb12u1
> ii  libprotobuf-c1             1.4.1-1+b1
> ii  libssl3                    3.0.11-1~deb12u2
> ii  libsystemd0                252.19-1~deb12u1
> ii  libuv1                     1.44.2-1
> ii  libxml2                    2.9.14+dfsg-1.3~deb12u1
> ii  lsb-base                   11.6
> ii  netbase                    6.4
> ii  sysvinit-utils [lsb-base]  3.06-4
> ii  zlib1g                     1:1.2.13.dfsg-1
> 
> bind9 recommends no packages.
> 
> Versions of packages bind9 suggests:
> pn  bind-doc                   <none>
> ii  bind9-dnsutils [dnsutils]  1:9.18.19-1~deb12u1
> ii  dnsutils                   1:9.18.19-1~deb12u1
> ii  resolvconf                 1.91+nmu1
> ii  ufw                        0.36.2-1
> 
> -- Configuration Files:
> /etc/bind/db.root [Errno 13] Permission denied: '/etc/bind/db.root'
> /etc/bind/named.conf changed [not included]
> /etc/bind/named.conf.local changed [not included]
> /etc/bind/named.conf.options [Errno 13] Permission denied: 
> '/etc/bind/named.conf.options'
> 
> -- debconf-show failed
> 
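
A check for the symptom described in the report, as an added example that is not part of the original thread or of BIND: it scans syslog/journal text for rpz rewrite messages that bypassed the dedicated rpz channel and tallies them by policy action. The function names are hypothetical, the regex assumes the message layout shown in the report's log lines, and the sample lines are constructed from that layout.

```python
import re
from collections import Counter

# Layout taken from the report's syslog lines:
#   named[PID]: client @0xADDR IP#PORT (QNAME): rpz TRIGGER POLICY rewrite NAME/TYPE/CLASS via RECORD
RPZ_RE = re.compile(
    r"named\[\d+\]: client @0x[0-9a-f]+ (?P<ip>\S+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): rpz (?P<trigger>\S+) (?P<policy>\S+) rewrite "
    r"(?P<name>[^/\s]+)/(?P<rtype>[^/\s]+)/(?P<rclass>\S+) via (?P<via>\S+)"
)

# Constructed sample input: two rpz lines modeled on the report, plus noise.
SAMPLE_SYSLOG = [
    "Dec 10 01:29:41 somehost named[327739]: client @0x7fee327a6568 "
    "127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite "
    "some.domain.name/A/IN via some.domain.name.rpz.local",
    "Dec 10 01:29:41 somehost named[327739]: client @0x7fee32785768 "
    "127.0.0.1#35809 (some.domain.name): rpz QNAME PASSTHRU rewrite "
    "some.domain.name/AAAA/IN via some.domain.name.rpz.local",
    "Dec 10 01:29:42 somehost named[327739]: zone example.test/IN: loaded serial 1",
    "Dec 10 01:29:43 somehost sshd[1201]: Accepted publickey for admin",
]

def stray_rpz_events(syslog_lines):
    """Return one dict per rpz rewrite message found in syslog text.

    With 'category rpz' routed to its own file channel, every hit here is a
    policy decision missing from the rpz log that monitoring relies on.
    """
    return [m.groupdict() for line in syslog_lines if (m := RPZ_RE.search(line))]

def summarize(events):
    """Count stray events per (trigger, policy) pair, e.g. QNAME/PASSTHRU."""
    return Counter((e["trigger"], e["policy"]) for e in events)

if __name__ == "__main__":
    events = stray_rpz_events(SAMPLE_SYSLOG)
    for (trigger, policy), count in summarize(events).items():
        print(f"{count} rpz {trigger} {policy} message(s) outside the rpz channel")
    for e in events:
        print(f"  {e['ip']} asked {e['qname']} {e['rtype']} (via {e['via']})")
```

Feed it the output of `journalctl -u named` or the syslog file instead of the sample list; an empty result means no rpz rewrite messages reached syslog in that window.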
