On Tue, 18 Sep 2012 06:00:06 +0200 Paul Muster <p...@muster.dyndns.info> wrote:
> Update:
>
> > (1) please change
> >
> > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
> > [.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
> > (adding an RR|deleting rrset) at '[._[:alnum:]-]+' A$
> >
> > to
> >
> > ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client
> > [.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':
> > (adding an RR|deleting rrset|deleting an RR) at '[._[:alnum:]-]+'
> > (A|PTR|TXT)$

It's a shame no-one replied to this bug from 2012. I suspect these no longer match anything, but more broadly: I'm not sure logcheck should be filtering messages related to zone transfers by default: that seems like quite a niche/advanced/worrying situation -- for most people using bind I think you'd want to know if someone was transferring or updating your zones - I certainly would not want these filtered.

Nothing to stop people with advanced configurations adding local rules of course, but the defaults should be conservative here. So am tempted to close/wontfix this one.

However, if anyone is watching this bug and takes a different view please reply as this is worth a discussion (and I'm going through bind rules currently).
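
To make concrete what the two quoted rules would keep out of a report, this added example (not part of the original thread or of logcheck) runs both patterns with `grep -E` over constructed `named` log lines. The sample lines, variable names and function names are assumptions, and each rule is the quoted pattern with its wrapped lines joined by single spaces.

```shell
#!/bin/sh
# Constructed sample lines in the syslog shape the quoted rules expect.
SAMPLE_LOG="Sep 18 06:00:06 ns1 named[1234]: client 192.0.2.10#53124: updating zone 'example.org/IN': adding an RR at 'host.example.org' A
Sep 18 06:00:07 ns1 named[1234]: client 192.0.2.10#53124: updating zone 'example.org/IN': deleting rrset at 'host.example.org' A
Sep 18 06:00:08 ns1 named[1234]: client 192.0.2.10#53124: updating zone 'example.org/IN': deleting an RR at 'host.example.org' TXT
Sep 18 06:00:09 ns1 named[1234]: client 2001:db8::5#40000: updating zone '2.0.192.in-addr.arpa/IN': adding an RR at '10.2.0.192.in-addr.arpa' PTR
Sep 18 06:00:10 ns1 named[1234]: client 198.51.100.7#41000: updating zone 'example.org/IN': adding an RR at 'www.example.org' MX"

# Shared prefix of both quoted rules: timestamp, host, named[pid], client, zone.
PREFIX="^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+#[[:digit:]]+: updating zone '[-._[:alnum:]]+/IN':"

# Existing rule and proposed rule, as quoted in the message above.
OLD_RULE="$PREFIX (adding an RR|deleting rrset) at '[._[:alnum:]-]+' A\$"
NEW_RULE="$PREFIX (adding an RR|deleting rrset|deleting an RR) at '[._[:alnum:]-]+' (A|PTR|TXT)\$"

# Number of sample lines an ignore rule would suppress from the report.
hidden_count() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ec -- "$1" || true
}

# Sample lines that would still be reported with the ignore rule in place.
reported_lines() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ev -- "$1" || true
}

echo "hidden by old rule: $(hidden_count "$OLD_RULE")"
echo "hidden by new rule: $(hidden_count "$NEW_RULE")"
echo "still reported with new rule:"
reported_lines "$NEW_RULE"
```
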