Ian Pilcher via FreeIPA-users wrote:
> I am experiencing sporadic DNS failures on my Fedora 42-based FreeIPA
> server on my home network, and I've been digging into the BIND logging
> configuration to try to figure out what is going on.
>
> The main BIND logging configuration seems to come from
> /etc/named/ipa-logging-ext.conf. I have no memory of creating this
> file, but it also doesn't seem to be part of any RPM.
>
> Was this file created by the FreeIPA installer? (If not, ignore the
> next question.)

Yes, the IPA server installer creates it. I suppose we should %ghost that file in our spec.

> Assuming that /etc/named/ipa-logging-ext.conf was created by the FreeIPA
> installer (or it otherwise "comes from" FreeIPA), what is the reasoning
> for putting all of the log files in /var/named/data, rather than
> somewhere under /var/log?

Disclaimer: I only know enough DNS to be dangerous. Take the following with a grain of salt.

I think that traditionally /var/named/data was used for logs. In my days as a sysadmin[1] that is where the named logs have always been. I think that is the way that Fedora and RHEL are configured out of the box.

The template for this custom logging file hasn't changed since it was introduced in 2021, and it mentioned it follows recommendations from https://kb.isc.org/docs/aa-01526. That is true for the settings but not for the log directory.

Now maybe the creator of the file just stuck with the rpm defaults, since we know the directory /var/named/data will exist whereas who knows about /var/log/named. Maybe he'll chime in here.

> I have /var/log on a separate filesystem, but that obviously doesn't
> prevent my root filesystem being filled with DNS logs if those aren't
> going into that location.
>
> If I modify /etc/named/ipa-logging-ext.conf to put the BIND logs under
> /var/log, rather than /var/named, am I going to break something?

I'm not aware of any issues with that beyond typical problems like existence, permissions and SELinux. We don't seem to run bind in a chroot, so I think you'd be fine using absolute file names, assuming the rest is worked out.

rob

[1] My O'Reilly DNS and BIND book is from 1993. I'm afraid to see what versions of bind it covers. It's been ages since anyone has trusted me to run a DNS server.
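A pre-flight check for the "existence, permissions" part of the reply above, as an added example that is not part of the original message and not FreeIPA code. The function names, the channel names in the sample, and the assumption that named runs as user `named` with logs going to `/var/log/named` are illustrative; the sample config is constructed and is not the real contents of ipa-logging-ext.conf.

```shell
#!/bin/sh
# Added example (not FreeIPA code): pre-flight checks before moving BIND logs.

# Print each channel "file" path in config $1 that is not an absolute path
# under directory $2. Relative paths are printed as well: named resolves
# them against its own working directory, not against $2.
log_paths_outside() {
    conf=$1 dir=${2%/}
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*\/\//d' "$conf" |
    grep -oE '(^|[[:space:]{;])file[[:space:]]+"[^"]*"' |
    sed 's/.*"\([^"]*\)"$/\1/' |
    while IFS= read -r path; do
        case $path in
            "$dir"/*) ;;                    # already under the target
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Succeed only if $1 is an existing directory owned by user $2 with the
# owner write bit set. SELinux labels are not checked here.
check_log_dir() {
    dir=$1 user=$2
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    owner=$(stat -c %U "$dir") || return 1
    [ "$owner" = "$user" ] || { echo "owner is $owner, want $user"; return 1; }
    case $(stat -c %A "$dir") in
        d?w*) return 0 ;;
        *) echo "owner cannot write to $dir"; return 1 ;;
    esac
}

# Constructed sample input (not the real ipa-logging-ext.conf contents).
sample=$(mktemp)
cat > "$sample" <<'EOF'
logging {
    channel default_ch { file "data/named.run" versions 3 size 5m; };
    channel query_ch { file "/var/log/named/query.log" versions 3; };
};
EOF
log_paths_outside "$sample" /var/log/named
check_log_dir /var/log/named named || true   # assumed user and directory
rm -f "$sample"
```

The SELinux label on the new directory still has to be inspected separately, for example with `ls -dZ`.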
