In the dnssec.log file I only found references to normal key rotation.
Adding the section for update_security and running at trace 99 didn't
provide _any_ update_security log output, nor did it provide any extra
output to the update log.
even when running in single combined log format I
Please allow me to refocus this thread to the original question.
I'm asking about the logging facility with respect to the "update"
section of code in ISC's bind9 product.
Yes, I understand update-policy choices/errors will generate the REFUSED
response.
_I'm only asking about the logging
Hello Mark & List,
Thank you for responding, I'm running bind-9.18.26-1.fc40.x86_64 and
using nsupdate 9.16.27-Debian to send the updates, using rndc Version:
9.18.26.
I'm issuing commands through rndc to set the trace level to 99 -> "rndc
trace 99". rndc seems to work correctly in all
algorithm hmac-sha256;
named-checkconf -p shows the key with the matching name, algo, and secret.
When I mis-configure, change, or typo the secret it returns "BAD SECRET"
The error I'm seeing is "REFUSED" on a config that worked until the upgrade.
It worked on F36-F39, upgrades were seamless.
How can I set debug level log for update events?
I've tried "rndc trace 99" which gives *lots* of information expect for
UPDATE REFUSED issues even thought the channel is set to dynamic severity.
Is there a different way to get named to generate debug level logs for
UPDATE events?
I'm
5 matches
Mail list logo