On Mon, Sep 24, 2007 at 06:33:07PM -0400, Frédéric Brière wrote:
> Package: logcheck-database
> Version: 1.2.61
> Severity: wishlist
> File: /etc/logcheck/ignore.d.server/bind
>
> After #437891, I got yet another new "unexpected RCODE", this time
> "NOTIMP". As I was starting to get pissed off, I copied the whole list
> out of lib/dns/result.c, in an attempt to put an end to my headache.
>
> If you insist on using an enumeration instead of ".*", here's the
> complete list (aside from NOERROR, obviously):
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
> \((FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|REFUSED|YXDOMAIN|YXRRSET|NXRRSET|NOTAUTH|NOTZONE|BADVERS|<rcode
> [[:digit:]]+>|[[:digit:]]+)\) resolving '[^[:space:]]+':
> [.[:digit:]]+#[0-9]+$

Aren't some of these worth reporting? e.g. REFUSED and NOTAUTH are probably
okay for a workstation.

> For curiosity's sake, I tried to find if there were rcodes that would
> never be unexpected, but there doesn't seem any common denominator.

The bind message says "Unexpected" so should these really be filtered?

Thanks
Justin
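
Added example, not part of the original messages: a shell check, run over constructed syslog lines, of which lines the enumerated ignore rule from the quoted report suppresses, compared with a narrower list that leaves REFUSED and NOTAUTH visible. The narrower list, the variable and function names and the sample lines are assumptions made for illustration; `\w` relies on GNU grep's `-E` extensions.

```shell
#!/bin/sh
# Pieces of the rule quoted above, rejoined (the e-mail wrapped it).
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE \('
SUFFIX="\\) resolving '[^[:space:]]+': [.[:digit:]]+#[0-9]+\$"

# Full enumeration from the report.
ALL_RCODES='FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|REFUSED|YXDOMAIN|YXRRSET|NXRRSET|NOTAUTH|NOTZONE|BADVERS|<rcode [[:digit:]]+>|[[:digit:]]+'
# Assumed narrower variant: the same list minus REFUSED and NOTAUTH.
NARROW_RCODES='FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|YXDOMAIN|YXRRSET|NXRRSET|NOTZONE|BADVERS|<rcode [[:digit:]]+>|[[:digit:]]+'

# Constructed sample log lines (not taken from a real server).
SAMPLE="Sep 24 18:33:07 ns1 named[1234]: unexpected RCODE (NOTIMP) resolving 'example.com/A/IN': 192.0.2.1#53
Sep 24 18:33:08 ns1 named[1234]: unexpected RCODE (REFUSED) resolving 'example.net/MX/IN': 192.0.2.2#53
Sep 24 18:33:09 ns1 named[1234]: unexpected RCODE (NOTAUTH) resolving 'example.org/A/IN': 198.51.100.7#53
Sep 24 18:33:10 ns1 named[1234]: zone example.com/IN: loaded serial 2007092401"

# Print the sample lines that an ignore rule built from the given rcode
# list does NOT match, i.e. the lines that would still be reported.
# logcheck applies its rules as extended regexes, hence grep -E.
reported() {
    printf '%s\n' "$SAMPLE" | grep -Ev "${PREFIX}(${1})${SUFFIX}" || true
}

echo "Still reported with the full enumeration:"
reported "$ALL_RCODES"
echo
echo "Still reported with REFUSED and NOTAUTH left out of the rule:"
reported "$NARROW_RCODES"
```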