From owner-freebsd-current@freebsd.org Sat Jun 30 02:03:23 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA315FE0B5E for ; Sat, 30 Jun 2018 02:03:23 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5290D86726 for ; Sat, 30 Jun 2018 02:03:23 +0000 (UTC) (envelope-from ler@FreeBSD.org) Received: from ler-imac.local (unknown [IPv6:2600:1700:210:b18f:64b5:3a22:e800:a09]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: ler/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id ED2EC14976 for ; Sat, 30 Jun 2018 02:03:22 +0000 (UTC) (envelope-from ler@FreeBSD.org) Date: Fri, 29 Jun 2018 21:03:21 -0500 From: Larry Rosenman To: freebsd-current@FreeBSD.org Subject: DNSSEC/Log Spam for partially DNSSEC domain Message-ID: <20180630020321.6mpusxvbn7fpy64y@ler-imac.local> Mail-Followup-To: freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2u6hhgvfwux2alpb" Content-Disposition: inline User-Agent: NeoMutt/20180622 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2018 02:03:23 -0000 --2u6hhgvfwux2alpb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I'm running Exim, with DNSSEC enabled, and my zone (lerctr.org) is DNSSEC signed, but my dyn.lerctr.org subdomain is NOT DNSSEC signed due to HE.net don't support DNSSEC.=20 I get a ton of: Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked f= or "borg.lerctr.org IN AAAA", got type "RRSIG" Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: asked f= or "borg.lerctr.org IN A", got type "RRSIG" in my logs, which comes from libc: /usr/src/lib/libc/net/getaddrinfo.c: 2092 #ifdef DEBUG 2093 if (type !=3D T_KEY && type !=3D T_SIG && 2094 type !=3D ns_t_dname) 2095 syslog(LOG_NOTICE|LOG_AUTH, 2096 "gethostby*.getanswer: asked for \"%s %s %s\", got t= ype \"%s\"", 2097 qname, p_class(C_IN), p_type= (qtype), 2098 p_type(type)); 2099 #endif Is there an easy way to make this quieter? --=20 Larry Rosenman https://people.FreeBSD.org/~ler/ Phone: +1 214-642-9640 E-Mail: ler@FreeBSD.org US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 --2u6hhgvfwux2alpb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQHBBAABCgCrFiEEHjgknedhWzvJgwVzaXyZsatIp30FAls25OktFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3JnbGVyQEZyZWVCU0Qub3JnXxSAAAAAAC4AKGlz c3Vlci1mcHJAbm90YXRpb25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxRTM4 MjQ5REU3NjE1QjNCQzk4MzA1NzM2OTdDOTlCMUFCNDhBNzdEAAoJEGl8mbGrSKd9 2PQH/1HW88eh+eqANVcwhL7L7PGrJRhk3IAS4UTWclsHYrmtbwzLgMmBpg01009S OyHe88mTpe5GU0Ywxt/3opBz4qeElO6NI5JnFkKL8GWG6/jtLOztgWQlfQC5EXLy f/AXMezEDUHSEY8biME44q0n+udsyVBxLafOpnxyt+jNrcjfNNqoC4NpyvE03YCw vbhdUNBUVuuvlZFru8gwFtFYIvcNCIQj9tnAOhdt9Vf+xHZH2pHfVZtaJ1pJ6OOM TOb54EixaFAzn992KqoiR3hnCO7yWa1KsspCNQBgXaCHrc53IhrSddZQtEJYDsOv aeTJ2YuQlnSbYp4isKRWEj15Dx0= =OzIT -----END PGP SIGNATURE----- --2u6hhgvfwux2alpb--