It’s probably specific to the bind chroot. Bind is usually chrooted to /var/named/..., so anything in /var/log would be outside the chroot.

> On Aug 15, 2025, at 11:52 AM, Rob Crittenden via FreeIPA-users
> <[email protected]> wrote:
>
> Ian Pilcher via FreeIPA-users wrote:
>> I am experiencing sporadic DNS failures on my Fedora 42-based FreeIPA
>> server on my home network, and I've been digging into the BIND logging
>> configuration to try to figure out what is going on.
>>
>> The main BIND logging configuration seems to come from
>> /etc/named/ipa-logging-ext.conf. I have no memory of creating this
>> file, but it also doesn't seem to be part of any RPM.
>>
>> Was this file created by the FreeIPA installer? (If not, ignore the
>> next question.)
>
> Yes, the IPA server installer creates it. I suppose we should %ghost
> that file in our spec.
>
>> Assuming that /etc/named/ipa-logging-ext.conf was created by the FreeIPA
>> installer (or it otherwise "comes from" FreeIPA), what is the reasoning
>> for putting all of the log files in /var/named/data, rather than
>> somewhere under /var/log?
>
> Disclaimer: I only know enough DNS to be dangerous. Take the following
> with a grain of salt.
>
> I think that traditionally /var/named/data was used for logs. In my days
> as a sysadmin[1] that is where the named logs have always been. I think
> that is the way that Fedora and RHEL are configured for out-of-the-box.
>
> The template for this custom logging file hasn't changed since it was
> introduced in 2021 and it mentioned it follows recommendations from
> https://kb.isc.org/docs/aa-01526
>
> That is true for the settings but not for log directory. Now maybe the
> creator of the file just stuck with the rpm defaults since we know the
> directory /var/named/data will exist whereas who knows about
> /var/log/named. Maybe he'll chime in here.
>
>> I have /var/log on a separate filesystem, but that obviously doesn't
>> prevent my root filesystem being filled with DNS logs if those aren't
>> going into that location.
>>
>> If I modify /etc/named/ipa-logging-ext.conf to put the BIND logs under
>> /var/log, rather than /var/named, am I going to break something?
>
> I'm not aware of any issues with that beyond typical problems like
> existence, permissions and SELinux. We don't seem to run bind in a
> chroot so I think you'd be fine using absolute file names assuming the
> rest is worked out.
>
> rob
>
> [1] My O'Reilly DNS and BIND book is from 1993. I'm afraid to see what
> versions of bind it covers. It's been ages since anyone has trusted me
> to run a DNS server.
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
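
The points raised in this thread (relative versus absolute log paths, a possible chroot, and directory existence and permissions) can be checked before editing the logging file. The following is an added example, not code from the thread or from FreeIPA: the sample configuration is constructed, the uid/gid of 25 for the named account is an assumption to verify with `id named`, and SELinux labels are not checked.

```python
import os
import re

# Matches the destination of a BIND logging channel: file "path" ...;
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def effective_log_paths(conf_text, directory="/var/named", chroot=""):
    """Map each channel's file path to where named would write it on disk.

    Relative paths are resolved against named's working directory
    (options { directory ...; }); with a chroot, every path is then
    re-rooted under the chroot directory.
    """
    result = {}
    for path in FILE_RE.findall(conf_text):
        inside = path if os.path.isabs(path) else os.path.join(directory, path)
        inside = os.path.normpath(inside)
        result[path] = os.path.normpath(chroot + inside) if chroot else inside
    return result

def check_log_dirs(paths, uid, gid):
    """Return {on-disk path: problem} for log directories uid/gid cannot use."""
    problems = {}
    for disk_path in paths.values():
        parent = os.path.dirname(disk_path)
        if not os.path.isdir(parent):
            problems[disk_path] = "directory missing"
            continue
        st = os.stat(parent)
        writable = ((st.st_uid == uid and st.st_mode & 0o200)
                    or (st.st_gid == gid and st.st_mode & 0o020)
                    or st.st_mode & 0o002)
        if not writable:
            problems[disk_path] = "not writable by uid %d / gid %d" % (uid, gid)
    return problems

# Constructed sample, not the contents of the real ipa-logging-ext.conf.
SAMPLE_CONF = '''
channel default_debug { file "data/named.run"; severity dynamic; };
channel query_log { file "/var/log/named/query.log" versions 3 size 10m; };
'''

if __name__ == "__main__":
    paths = effective_log_paths(SAMPLE_CONF)
    for conf_path, disk_path in paths.items():
        print(conf_path, "->", disk_path)
    # Assumed ids for the named account; confirm with "id named".
    print(check_log_dirs(paths, uid=25, gid=25))
```

Passing a `chroot` argument shows why an absolute /var/log path ends up under the chroot tree rather than on the separate /var/log filesystem.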
