From owner-freebsd-current@freebsd.org Sat Jun 30 09:33:25 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E8EDF102715A for ; Sat, 30 Jun 2018 09:33:24 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from tensor.andric.com (tensor.andric.com [87.251.56.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "tensor.andric.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A66BA76806; Sat, 30 Jun 2018 09:33:24 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from coleburn.home.andric.com (coleburn.home.andric.com [192.168.0.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tensor.andric.com (Postfix) with ESMTPSA id 0CCB4D59C; Sat, 30 Jun 2018 11:33:23 +0200 (CEST) From: Dimitry Andric Message-Id: <9A9BEA31-1677-4F5D-A987-40B0E50EE9BF@FreeBSD.org> Content-Type: multipart/signed; boundary="Apple-Mail=_F1DB7737-B20D-4030-B13A-9EE8AD20DFAC"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\)) Subject: Re: DNSSEC/Log Spam for partially DNSSEC domain Date: Sat, 30 Jun 2018 11:33:19 +0200 In-Reply-To: <20180630020321.6mpusxvbn7fpy64y@ler-imac.local> Cc: freebsd-current@FreeBSD.org To: Larry Rosenman References: <20180630020321.6mpusxvbn7fpy64y@ler-imac.local> X-Mailer: Apple Mail (2.3445.8.2) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jun 2018 09:33:25 -0000 --Apple-Mail=_F1DB7737-B20D-4030-B13A-9EE8AD20DFAC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 30 Jun 2018, at 04:03, Larry Rosenman wrote: >=20 > I'm running Exim, with DNSSEC enabled, and my zone (lerctr.org) is > DNSSEC signed, but my dyn.lerctr.org subdomain is NOT DNSSEC signed = due > to HE.net don't support DNSSEC. >=20 > I get a ton of: > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: = asked for "borg.lerctr.org IN AAAA", got type "RRSIG" > Jun 29 20:12:53 thebighonker exim[37649]: gethostby*.gethostanswer: = asked for "borg.lerctr.org IN A", got type "RRSIG" >=20 > in my logs, which comes from libc: > /usr/src/lib/libc/net/getaddrinfo.c: > 2092 #ifdef DEBUG > 2093 if (type !=3D T_KEY && type !=3D T_SIG = && > 2094 type !=3D ns_t_dname) > 2095 syslog(LOG_NOTICE|LOG_AUTH, > 2096 "gethostby*.getanswer: asked for \"%s %s %s\", = got type \"%s\"", > 2097 qname, p_class(C_IN), = p_type(qtype), > 2098 p_type(type)); > 2099 #endif >=20 > Is there an easy way to make this quieter? I see this code is only included if DEBUG is defined. Maybe undefine DEBUG, for this particular file? Or hack it so it has #undef DEBUG at the top? That said, I'm not sure if debug messages like this should be enabled by default, and impossible to squelch without recompiling libc. So maybe we should #if 0 it, instead. -Dimitry --Apple-Mail=_F1DB7737-B20D-4030-B13A-9EE8AD20DFAC Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.2 iF0EARECAB0WIQR6tGLSzjX8bUI5T82wXqMKLiCWowUCWzdOXwAKCRCwXqMKLiCW owNVAJ9+KRFGTEUzXoqWjs02s/T6BUFJGACePKTGB+GRDQQVw8CDQUm30msidgw= =iJsz -----END PGP SIGNATURE----- --Apple-Mail=_F1DB7737-B20D-4030-B13A-9EE8AD20DFAC--