These are chat archives for CZ-NIC/knot-resolver

17th
May 2018
Petr Špaček
@pspacek
May 17 2018 12:42
@robcza Hello Robert. At the moment we do not have such a setting. Logging needs a serious design first - we are more than happy to discuss your requirements.
If you need something immediately it should be easy to patch, just grep for the message from verbose log and change loglevel.
Robert Šefr
@robcza
May 17 2018 12:49
@pspacek thank you Petr, that sounds fairly easy - the idea is to identify spikes in dnssec validation failures, usually caused by some sort of expiration/misconfiguration on the domain level.
Vladimír Čunát
@vcunat
May 17 2018 12:49
This in particular might be easy to implement via a simple module that inspects the BOGUS flag at the end of each request, or something like that. It might e.g. print to the log even for non --verbose mode.
If you/operators just want counts, it might be better to e.g. extend the stats module to collect this as well.
Robert Šefr
@robcza
May 17 2018 12:52
@vcunat stats would be nice to have an overview, but does not help finding the culprit domain. BOGUS flag sounds nice as well, just not sure what else except dnssec failures it covers
Vladimír Čunát
@vcunat
May 17 2018 12:54
It's only dnssec failures. It's actually called DNSSEC_BOGUS.
Robert Šefr
@robcza
May 17 2018 12:54
:)
Petr Špaček
@pspacek
May 17 2018 12:55
@robcza For debugging purposes you might be interested in https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/405
Vladimír Čunát
@vcunat
May 17 2018 12:56
Yes, though I don't expect this to be significantly more useful than grepping in this particular case.