On Fri, 2004-02-27 at 17:58, Jason Holt wrote:
> I'm not much of a bind expert, but that's very suspicious. You might be 0wn3d, or be getting used as a carrier by spammers. You don't have any proxies running, by any chance?
I was running squid (I had it running, but hadn't even used it at all on my network). I checked the squid logs, and there weren't any entries, let alone any suspicious ones. So I don't know if that was the problem or not, but I stopped the proxy nonetheless.
I realized that there were some issues on one of the other interfaces on my machine. To fix that problem, I restarted networking, and the bind problems seemed to stop about the same time. I'll keep checking the logs, to see if that fixes it.
Thanks,
Casey
It doesn't address your issue, but here is how I keep the lameness out of /var/log/messages (and regular BIND logging separate as well). Throw this at the top of your /etc/named.conf file:
logging {
    channel local_log {
        /*
         * Use a file channel. The file is
         * /var/log/named/named.log. [Why the ".log"
         * suffix?] Keep 2 versions of the file
         * and don't let it get bigger than 1 Mb.
         */
        file "/var/log/named/named.log"
            versions 2 size 1M;
        print-time yes;
    };
    category default {
        /*
         * Send every log category to the
         * local_log channel defined above.
         */
        local_log;
    };
    category lame-servers {
        lame-servers-logging;
    };
    channel lame-servers-logging {
        file "/var/log/named/lame-servers.log" versions 4 size 5m;
        print-time yes;
        print-category yes;
    };
};

Then create a /var/log/named directory (owned by "named" or whatever user your named process runs as) and "touch named.log" and "touch lame-servers.log" (again owned by "named"). That keeps everything nice and pretty.
You could also simply ignore the lame messages, and the docs for the logging commands give instructions on how to do this (I think, been a while). There are also scripts which will do a whois lookup and send a message to the various contacts to let them know how lame they are and in what way :-).
There are other channels you can create and categories you can split out as well. Check "man named.conf" for the list.
Adam Augustine
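Once lame-server messages land in their own file as configured above, they can be tallied per zone and nameserver to see which delegations produce the noise. The following is an added example, not part of the original thread; the log-line layout (print-time and print-category prefix followed by "lame server resolving ...") and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout with print-time and print-category enabled:
#   <date> <time> lame-servers: lame server resolving '<name>' (in '<zone>'?): <ip>#<port>
# An optional severity field ("info: ") is tolerated in case print-severity is on.
LAME_RE = re.compile(
    r"lame-servers: (?:info: )?lame server resolving '(?P<name>[^']*)' "
    r"\(in '(?P<zone>[^']*)'\?\): (?P<server>[0-9A-Fa-f.:]+)#\d+"
)

# Constructed sample lines using documentation-reserved names and addresses.
SAMPLE_LOG = """\
27-Feb-2004 17:58:01.120 lame-servers: lame server resolving 'www.example.com' (in 'example.com'?): 192.0.2.10#53
27-Feb-2004 17:58:02.004 lame-servers: lame server resolving 'mail.example.com' (in 'example.com'?): 192.0.2.10#53
27-Feb-2004 17:59:10.551 lame-servers: lame server resolving 'ns.example.net' (in 'example.net'?): 198.51.100.7#53
27-Feb-2004 18:00:00.000 general: zone example.org/IN: loaded serial 2004022701
27-Feb-2004 18:01:44.900 lame-servers: lame server resolving 'ftp.example.com' (in 'example.com'?): 192.0.2.11#53
"""


def summarize_lame(lines):
    """Count lame-server reports per (zone, server); return (counts, skipped)."""
    counts = Counter()
    skipped = 0
    for line in lines:
        m = LAME_RE.search(line)
        if m is None:
            if line.strip():          # count non-empty lines that are not lame reports
                skipped += 1
            continue
        # Normalise case and trailing dot; keep "." for the root zone.
        zone = m.group("zone").lower().rstrip(".") or "."
        counts[(zone, m.group("server"))] += 1
    return counts, skipped


def report(counts, top=10):
    """Format the busiest (zone, server) pairs, highest count first."""
    return [f"{n:6d}  {zone:<30} {server}"
            for (zone, server), n in counts.most_common(top)]


if __name__ == "__main__":
    counts, skipped = summarize_lame(SAMPLE_LOG.splitlines())
    print("\n".join(report(counts)))
    print(f"{skipped} non-matching line(s) skipped")
```

To run it against the real file, pass open("/var/log/named/lame-servers.log") to summarize_lame() in place of the sample lines.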
BYU Unix Users Group http://uug.byu.edu/
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
