[nsd-users] NSD not logging to SYSLOG

cam ESOUQcWEt5QXZwMWQYa8g7DiWPxFLIB3 at sauros.net
Tue Feb 18 01:39:09 UTC 2014


Hi Wouter,

Thanks for your note. After going through my syslog-ng configuration file, I
realized that it was not listening on any socket. Creating a socket
/var/nsd/dev/log solved the issue, even when chroot-ing to "/var/nsd/"

Apart from this, I was wondering if you could help demystifying the log
messages that I get:
host nsd[16191]: NSTATS 1392687148 1392630857 A=71 NS=1 CNAME=5 MX=38 AAAA=32 DNSKEY=5 TYPE251=32 TYPE252=64 TYPE255=85
host nsd[16191]: XSTATS 1392687148 1392630857 RR=0 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=0 SAns=235 SFwdQ=0 SDupQ=0 SErr=0 RQ=333 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=98 SFwdR=0 SFail=89 SFErr=0 SNaAns=0 SNXD=1 RUQ=0 RURQ=0 RUXFR=0 RUUpd=0      

Is there a document somewhere explaining the above codes (RR, RDupR etc.)?
Also, I see Sfail=89, sounds like something is wrong?

Thanks again,

Cheers,
cam

On Mon, 17/02/2014 10:14 +0100, W.C.A. Wijngaards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Cam,
> 
> On 02/16/2014 07:27 AM, cam wrote:
> > Hi,
> > 
> > Running NSD on OpenBSD 5.4, I notice that nsd does not log to
> > SYSLOG unless it is run on the command line with the "-d -V 9"
> > flags.
> > 
> >> From the manpages:
> > -l logfile Log messages to the specified logfile. The default is to
> > log to stderr and syslog. If a zonesdir: is specified in the
> > config file this path can be relative to that directory.
> > 
> > Running it as a normal daemon with "-V 2" flags should
> > theoretically log to SYSLOG but it is not the case. When running,
> > no socket file is created in the /var/nsd/dev/ directory (even if I
> > changed the permission to _nsd:_nsd), is this normal?
> > 
> > Would appreciate any hint or help,
> 
> The chroot is likely the culprit.  With chroot: "" you disable that,
> and try to see if that fixes the logging.
> 
> Syslog on OpenBSD may need something in the chroot to function
> properly, perhaps as user root makedev a device node or open a
> named-pipe in a directory and then tell syslog to connect to it; or
> something along those lines.  If it does not have that, then NSD can
> call the syslog call, but that routine cannot do anything.  Usually
> this is performed by the rc.d/nsd startup scripts.  These scripts are
> OS specific, and I guess the OpenBSD one does not setup the
> prerequisites for syslog?
> 
> (That script should also setup for: timezone information (for printing
> the time to the log), and randomness device (for entropy to see the
> secure random generator); but again not all OSes need it because they
> use a different implementation for those things).
> 
> Best regards,
>    Wouter
> 
> 
> > Cheers, cam
> > 
> > Some info: # nsd -v NSD version 3.2.15 Written by NLnet Labs.
> > 
> > Copyright (C) 2001-2011 NLnet Labs.  This is free software. There
> > is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR PURPOSE.
> > 
> > # l /var/nsd/ total 28 drwxr-xr-x   7 root  wheel  512 Feb 16 11:29
> > . drwxr-xr-x  25 root  wheel  512 Feb 16 11:23 .. drwxr-xr-x   2
> > root  wheel  512 Feb 13 19:32 db drwxr-xr-x   2 root  wheel  512
> > Jul 31  2013 dev drwxrwxr-x   2 root  _nsd   512 Feb 16 14:14 run 
> > drwxr-xr-x   2 root  wheel  512 Jul 31  2013 zones
> > 
> > # cat /etc/nsd.conf server: ip-address: 0.0.0.0 port: 53 
> > server-count: 1 statistics: 120 verbosity: 2 ip4-only: yes 
> > hide-version: yes identity: "ns1.domain.tld" 
> > _______________________________________________ nsd-users mailing
> > list nsd-users at NLnetLabs.nl 
> > http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> > 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBAgAGBQJTAdLhAAoJEJ9vHC1+BF+NDEAP/AzI7A3MJr7O5WE/jehs8iaS
> 0WqpwOYeVhfUGuL3Bu1TGTPUOtBFp8arJSsrhue4hj5pQZ+RFJK1GPKElXz4uvih
> sgpkKFJY/C4ec2QuecS/mVPUhQI7Io8qXOR+MbspIQ5A0CAJeSrxk/EXv5no5yHh
> l06Odtg7OHnQhZvVjQ5j8TIH7Ogc+OyTTwL5joIX11gGOsBZZcpFLaED5Y3w7RrB
> RNh+g5ygovfozCr5uUQvmx8LdId3oItIdKkAtdexZw2TQ8Pv4d3/u/EiDy1X1fwZ
> JOWTrIoNMptbp18b53W8pFEWFln4XB1fTvap9bD8PHFL5SYenstXU0kedQ0M7i6N
> wUmX8PSZayg2Y0hp7u0KDXwZkii1AZO9lOLXkNYUayg56F+qM5dx5EzI/sV/HzSH
> Cpej0EC43+2CLvzJeyWqrNES443AIDi8oru694nTa5Cbun1q6POndFZueUBYTkJT
> 3Z59Tyox0eW7h5RQxLOTl8f4e+JDIhLYYyj8w0zrV883nM5dfv0tUcgb4IeQCkbU
> SBGbJLbNhFFQzPPoYseLZiWq4XhWfOhuiz/hZCgXklqbPL2FhAwcU13isaoiuC59
> UWcftQx0mv+OOwt6sd0pTEQbQiKRbdVw8TozVxv+bZu0x2UpJif0BGzQS7rVEMNl
> SEuNWIoR/re5MelTdSfO
> =XVTV
> -----END PGP SIGNATURE-----
> -- 
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 



More information about the nsd-users mailing list