Re: [exim-dev] DNSSEC / log spam

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Phil Pennock
Datum:  
To: Larry Rosenman
CC: exim-dev
Betreff: Re: [exim-dev] DNSSEC / log spam
On 2018-06-29 at 20:16 -0500, Larry Rosenman via Exim-dev wrote:
> Greetings,
>     I have my DNS Zone DNSSEC enabled, but some of my dynamic
>     sub-domains are NOT DNSSEC due to HE.net not supporting DNSSEC yet.
>     can we suppress/change exim to not spam the logs with:

>
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for "borg.lerctr.org IN AAAA", got type "RRSIG"
> Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked for "borg.lerctr.org IN A", got type "RRSIG"


Those messages are being generated by libc, so although it's from the
Exim process, it's not from the Exim codebase.

AFAIK there's nothing we can do from our side, as long as going through
that interface.

I'm guessing that this is a Router using hostname resolution; those all
have options to change how DNS resolution is done, IIRC. Post on
exim-users if you need help reconfiguring, but it should be setting
route_data/route_list to use `bydns`. Of course, there might be a
_reason_ to not do that ... in which case, see if you can get libc built
without DEBUG enabled, or comment out the log-message and recompile
libc.

On FreeBSD, it's: /usr/src/lib/libc/net/getaddrinfo.c

-Phil