[46966] in North American Network Operators' Group
Re: is your host or dhcp server sending dns dynamic updates for rfc1918?
daemon@ATHENA.MIT.EDU (Paul Vixie)
Fri Apr 19 11:38:31 2002
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Message from bert hubert <ahu@ds9a.nl>
of "Fri, 19 Apr 2002 13:19:28 +0200."
<20020419131928.A5643@outpost.ds9a.nl>
Date: Fri, 19 Apr 2002 08:34:26 -0700
Message-Id: <20020419153426.6EE9028B6D@as.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu

> > according to http://root-servers.org/, dns transactions concerning rfc1918
> > address space are now being served by an anycast device near you ...
>
> And right you are. However, pray tell, why doesn't bind feature a simple way
> to not log these spurious updates? As far as I can tell lots of people want
> to just ignore these messages but can only do so by turning off all security
> logging.

that question belongs on bind-users@isc.org, i suspect. but i'll answer: if
you redirect the "update" and "security" categories to channel "null" then it
works like you want. if there was demand, ISC would make a specific category
called "failed-updates" so that other security related events wouldn't have
to be nulled at the same time.

> Please note that PowerDNS is just as silly in this respect up to 1.99.9. The
> next version features --log-failed-updates which defaults to off.

not all failed updates are spurious. i recommend against this as a default.
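
An added example, not part of the original message or of BIND or PowerDNS: a log triage that separates refused updates aimed at RFC 1918 reverse zones from refused updates aimed at any other zone, so the first kind can be counted while the second is still reviewed. The log line shape matched by `DENIED`, the function names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed log line shape for a refused dynamic update; adjust to your server.
DENIED = re.compile(
    r"client (?P<src>[0-9A-Fa-f.:]+)#\d+: update '(?P<zone>[^/']+)/IN' denied")

def is_rfc1918_reverse(zone):
    """True if zone is an in-addr.arpa name lying wholly inside RFC 1918 space."""
    labels = zone.lower().rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        return False
    octets = labels[:-2][::-1]  # reverse names list octets least-significant first
    if not 1 <= len(octets) <= 4:
        return False
    if not all(o.isdecimal() and int(o) < 256 for o in octets):
        return False
    addr = ".".join([str(int(o)) for o in octets] + ["0"] * (4 - len(octets)))
    net = ipaddress.ip_network(f"{addr}/{8 * len(octets)}")
    return any(net.subnet_of(block) for block in RFC1918)

def triage(lines):
    """Split refused updates into (rfc1918_noise, needs_review) lists."""
    noise, review = [], []
    for line in lines:
        m = DENIED.search(line)
        if m is None:
            continue  # not a refused update
        bucket = noise if is_rfc1918_reverse(m["zone"]) else review
        bucket.append((m["src"], m["zone"]))
    return noise, review

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "security: error: client 192.0.2.10#1041: update '10.in-addr.arpa/IN' denied",
    "security: error: client 198.51.100.7#3312: update '168.192.in-addr.arpa/IN' denied",
    "security: error: client 203.0.113.5#4410: update 'example.com/IN' denied",
    "security: info: client 192.0.2.10#1042: query (cache) 'example.com/A/IN' denied",
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print(f"{len(noise)} RFC 1918 reverse-zone updates refused")
    for src, zone in review:
        print(f"review: {src} tried to update {zone}")
```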