From luigi.lauro at gmail.com Sun Mar 7 15:52:15 2010
From: luigi.lauro at gmail.com (Luigi Lauro)
Date: Sun, 7 Mar 2010 21:52:15 +0100
Subject: Feature Request: more flexible logging facilities
Message-ID: <71ec90821003071252l2b3c48a3k43511028f2cd05ad@mail.gmail.com>

First of all I want to thank you for all the hard effort on this
wonderful DNS server.

I've been looking hard for a tinydns replacement, and, finally,
MaraDNS fits perfectly.

Right now I'm using dnscache as a non-threaded recursive local cache,
while using MaraDNS compiled authonly (I need IPv6 and several other
auth only features) as my only authoritative name server (along with
zoneserver for zone transfers).

This is a perfect match, at least till your new non-threaded recursive
local cache is out, which I hope will give dnscache a real treat! :-)

Now let's get down to business: how to improve MaraDNS.

The only gripe I found so far is that I'm a logging/monitoring freak,
and I'm having really problems to implement a decent
logging/monitoring solution for MaraDNS, and the main reason is the
fact I cannot tell MaraDNS to log into a separate log file.

On FreeBSD everything gets into daemon.info, which is
/var/log/messages, and it's quite hard to split the MaraDNS lines from
the rest, and therefore is quite hard to implement a decent munin
monitoring plugin such as I had with tinydns (the wonderful
tinystats).

So what I'm asking and suggesting for is two different things:

A) A more flexible logging configuration (alternatives to syslog, for
example logging to a separate file, or at least being able to choose
the syslog facility and the ident name, so I can create a 'maradns'
and have it into a separate log file)

B) If possible, some statistics interface, so to be able to query
MaraDNS for statistical informations (how many queries requested, how
many for each RR type, % of query in errors, etc...)

This would allow me to have a comprehensive, dedicated MaraDNS log to
look at to check how MaraDNS is working and if everything is ok,
without having to look at a massive /var/log/messages.

I know I can easily do a grep out of that log, but having maradns
logging to a separate file from the start is a nice option I think,
and it's in 99,9999% of the 'servers/daemons' out there for a reason.

And, it's quite ugly that the 'ident' given is the default full path,
it would be perfect to be able to choose as I said both syslog
facilities and ident in case syslog logging is wanted.

Also, the stats interface would be wonderful to easily realise
something as:

http://motoko.lapo.it/munin/lapo.it/motoko.lapo.it-tinydns.html
http://motoko.lapo.it/munin/lapo.it/motoko.lapo.it-tinydns_err.html

Currently, these two shortcomings are the only things that I would
love to have from the 'old' djb tinydns, which I used to run as my
only authoritative DNS.

I don't want to have reasons to look back, hence I'm suggesting these things.

Thank you for your patience and keep up the wonderful work,

--
Luigi Lauro

From strenholme.usenet at gmail.com Mon Mar 8 01:19:08 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 8 Mar 2010 00:19:08 -0600
Subject: Feature Request: more flexible logging facilities
In-Reply-To: <71ec90821003071252l2b3c48a3k43511028f2cd05ad@mail.gmail.com>
References: <71ec90821003071252l2b3c48a3k43511028f2cd05ad@mail.gmail.com>
Message-ID: <7bd685721003072219y70d6afe2ybe0bad45994f8c23@mail.gmail.com>

> I've been looking hard for a tinydns replacement, and, finally,
> MaraDNS fits perfectly.

A lot of the design has been inspired by the djbdns suite. DJB made a
great DNS server; it's too bad it had a lousy license until 2007 and
that no official release has been made since 2001 (the last version
has three security bugs).
DJB really should let someone be the official maintainer so it can
stay current; I think Russ Nelson would make an excellent maintainer
for djbdns.

> This is a perfect match, at least till your new non-threaded recursive
> local cache is out, which I hope will give dnscache a real treat! :-)

I don't give timelines for releasing my software. If you have been
reading my blog, I have made a lot of progress with the full
recursion.

> The only gripe I found so far is that I'm a logging/monitoring freak,
> and I'm having really problems to implement a decent
> logging/monitoring solution for MaraDNS, and the main reason is the
> fact I cannot tell MaraDNS to log into a separate log file.

Logging is done by duende, which is a very simple 252-line C program.
MaraDNS uses stdout for all messages; these messages are caught by
duende, which logs them using syslog.

It's open source software; you are free to modify duende (or pay me or
anyone else to modify duende if you don't want to get your hands dirty
with programming) to log messages in a manner that works for you.

> On FreeBSD everything gets into daemon.info, which is
> /var/log/messages, and it's quite hard to split the MaraDNS lines from
> the rest,

tail -f /var/log/messages | grep maradns

I presume FreeBSD's syslog daemon does fflush() after logging a message.

> B) If possible, some statistics interface, so to be able to query
> MaraDNS for statistical informations (how many queries requested, how
> many for each RR type, % of query in errors, etc...)

See above about duende. The authoritative half of MaraDNS is in a
deep freeze right now and it's very unlikely I'll implement features
besides finishing up the BIND zone file conversion Python script
unless fortune smiles on me and Oracle or someone else decides to pay
me to work full-time on MaraDNS.

> I don't want to have reasons to look back, hence I'm suggesting these things.

Yes, and I'm sorry I don't have time to implement feature requests
people give me on the internet for fun and for free. I'm married,
and, yeah, my wife keeps telling me I need to get paid if I'm going to
continue to work on MaraDNS, and I agree with her.

I'm getting older and my youthful days of developing open source
software will soon be behind me. Marriage is nice, but I have to give
up some things to be the best possible husband for my beautiful wife.

I have posted about this on the blog. For example, from
http://maradns.blogspot.com/search/label/freetards :

People who think open-source software (OSS) makes it possible for all
content to be free don't understand how OSS changes the relationship
between the developer and the user. A lot of people think an OSS
program is like a commercial program, but free, and that they can ask
for features or get support for free, and it gets pretty tiring to
have people email me asking for free support, even though I make it
clear that I don't provide free email support for my program.

The thinking behind OSS is that I donate some of my coding time and
effort to the greater community. In return, people are free to
contribute bug fixes or improvements to the program, or supply support
on the mailing list. For example, someone wanted better IPv6 support,
supplied patches, and now MaraDNS has good IPv6 support. Another
person wanted better Windows service support, and supplied patches to
make MaraDNS' new recursive core be a full Windows service. Other
people answer user's questions on the mailing list or translate
documentation. Webconquest very generously provides me a free Linux
shell account and hosting for the web site.

> Thank you for your patience and keep up the wonderful work,

Thank you for your kind words. MaraDNS 2.0 will probably be my last
release; I will continue to maintain the software with bug fixes and
routine maintenance such as updating the root servers as needed.
If someone else who is a skilled C programmer becomes willing to carry
the torch, I will allow them to be the maintainer for MaraDNS 3.0 and
other future releases; I will remain responsible for bug fixes in the
1.4 and 2.0 branches of MaraDNS unless I get hit by a bus.

- Sam

From luigi.lauro at gmail.com Wed Mar 10 03:37:04 2010
From: luigi.lauro at gmail.com (Luigi Lauro)
Date: Wed, 10 Mar 2010 09:37:04 +0100
Subject: Feature Request: more flexible logging facilities
In-Reply-To: <7bd685721003072219y70d6afe2ybe0bad45994f8c23@mail.gmail.com>
References: <71ec90821003071252l2b3c48a3k43511028f2cd05ad@mail.gmail.com>
 <7bd685721003072219y70d6afe2ybe0bad45994f8c23@mail.gmail.com>
Message-ID: <71ec90821003100037ufa322e0r75fd55dabc670b3b@mail.gmail.com>

On Mon, Mar 8, 2010 at 07:19, Sam Trenholme wrote:
> A lot of the design has been inspired by the djbdns suite. DJB made a
> great DNS server; it's too bad it had a lousy license until 2007 and
> that no official release has been made since 2001 (the last version
> has three security bugs). DJB really should let someone be the
> official maintainer so it can stay current; I think Russ Nelson would
> make an excellent maintainer for djbdns.

I seriously hope someone skilled comes up and takes djbdns into the
world of actively maintained opensource products. It really deserves
it.

> I don't give timelines for releasing my software. If you have been
> reading my blog, I have made a lot of progress with the full
> recursion.

I know and I'll check it out as soon as it's out, even if dnscache
already suits quite perfectly (we all know a recursive cache is not
something that should or have changed in the last 10 years... so
dnscache despite the lack of updates is still quite perfect) ;-)

> Logging is done by duende, which is a very simple 252-line C program.
> MaraDNS uses stdout for all messages; these messages are caught by
> duende, which logs them using syslog.
>
> It's open source software; you are free to modify duende (or pay me or
> anyone else to modify duende if you don't want to get your hands dirty
> with programming) to log messages in a manner that works for you.
>
> tail -f /var/log/messages | grep maradns
>
> I presume FreeBSD's syslog daemon does fflush() after logging a message.

I know, but still, it's quite weird to see MaraDNS so full-featured,
and still miss what 99,9999999999% of the opensource project give as
'standard': a flexible logging configuration.

It would be useful to be able to choose at least the syslog facility,
and I think this can be done easily, if the 'logging to file' involves
get rid of duende to switch to something more flexible.

I know it's OPS and I could do this myself, but I've little C skills
(actually not, but they are really rusted), and I thought it would be
a no brainer for such an active and present maintainer as you are.

Mine was only a suggestion, feel free to do it whatever you want of it ^_^

> See above about duende. The authoritative half of MaraDNS is in a
> deep freeze right now and it's very unlikely I'll implement features
> besides finishing up the BIND zone file conversion Python script
> unless fortune smiles on me and Oracle or someone else decides to pay
> me to work full-time on MaraDNS.

I understand.

> Yes, and I'm sorry I don't have time to implement feature requests
> people give me on the internet for fun and for free. I'm married,
> and, yeah, my wife keeps telling me I need to get paid if I'm going to
> continue to work on MaraDNS, and I agree with her.
>
> I'm getting older and my youthful days of developing open source
> software will soon be behind me. Marriage is nice, but I have to give
> up some things to be the best possible husband for my beautiful wife.
>
> I have posted about this on the blog.
> For example, from
> http://maradns.blogspot.com/search/label/freetards :
>
> People who think open-source software (OSS) makes it possible for all
> content to be free don't understand how OSS changes the relationship
> between the developer and the user. A lot of people think an OSS
> program is like a commercial program, but free, and that they can ask
> for features or get support for free, and it gets pretty tiring to
> have people email me asking for free support, even though I make it
> clear that I don't provide free email support for my program.
>
> The thinking behind OSS is that I donate some of my coding time and
> effort to the greater community. In return, people are free to
> contribute bug fixes or improvements to the program, or supply support
> on the mailing list. For example, someone wanted better IPv6 support,
> supplied patches, and now MaraDNS has good IPv6 support. Another
> person wanted better Windows service support, and supplied patches to
> make MaraDNS' new recursive core be a full Windows service. Other
> people answer user's questions on the mailing list or translate
> documentation. Webconquest very generously provides me a free Linux
> shell account and hosting for the web site.

Totally agree on that. In fact I didn't pretend or expect something, I
just wanted to contribute to this wonderful opensource project by
giving some suggestions and hints on how to improve it.

Maybe you will take them and implement them, maybe not, maybe someone
else will, maybe I will myself... who knows?

But suggestions on how to improve is the real fuel of the quality of
opensource software, and I wanted to help, just that ^_^

> Thank you for your kind words. MaraDNS 2.0 will probably be my last
> release; I will continue to maintain the software with bug fixes and
> routine maintenance such as updating the root servers as needed.
> If someone else who is a skilled C programmer becomes willing to carry
> the torch, I will allow them to be the maintainer for MaraDNS 3.0 and
> other future releases; I will remain responsible for bug fixes in the
> 1.4 and 2.0 branches of MaraDNS unless I get hit by a bus.

I hope to see 2.0 soon then. Keep up the wonderful work! ^_^

--
Luigi Lauro

From ruskie at codemages.net Wed Mar 10 03:44:43 2010
From: ruskie at codemages.net (Andraž 'ruskie' Levstik)
Date: Wed, 10 Mar 2010 09:44:43 +0100 (CET)
Subject: Feature Request: more flexible logging facilities
In-Reply-To: <71ec90821003100037ufa322e0r75fd55dabc670b3b@mail.gmail.com>
References: <71ec90821003071252l2b3c48a3k43511028f2cd05ad@mail.gmail.com>
 <7bd685721003072219y70d6afe2ybe0bad45994f8c23@mail.gmail.com>
 <71ec90821003100037ufa322e0r75fd55dabc670b3b@mail.gmail.com>
Message-ID:

:2010-03-10T09:37:Luigi Lauro:
> > Logging is done by duende, which is a very simple 252-line C program.
> > MaraDNS uses stdout for all messages; these messages are caught by
> > duende, which logs them using syslog.
> >
> I know, but still, it's quite weird to see MaraDNS so full-featured,
> and still miss what 99,9999999999% of the opensource project give as
> 'standard': a flexible logging configuration.
>
> It would be useful to be able to choose at least the syslog facility,
> and I think this can be done easily, if the 'logging to file' involves
> get rid of duende to switch to something more flexible.

Have you actually tried duende?

Quote from the manpage:

For example, suppose one invokes duende thusly:

    duende /usr/local/sbin/maradns

If invoked thusly, duende will log all messages with the "ident"
(program name) of "/usr/local/sbin/maradns". If this is not desired,
invoke duende with something like:

    export PATH=$PATH:/usr/local/sbin
    duende maradns

This will log messages with a (more sensible) "ident" of maradns.

End quote

It works great for me.
And using a better syslogger like metalog, rsyslog and such makes it
easy to filter per ident; no clue if regular syslog does that though.

I get all maradns logs as: /var/log/$host/maradns/current which I then
logrotate.

--
Andraž 'ruskie' Levstik
Source Mage GNU/Linux Games/Xorg grimoire guru
Re-Alpine Coordinator http://sourceforge.net/projects/re-alpine/
Geek/Hacker/Tinker

Quis custodiet ipsos custodes?

From asimic at gmail.com Thu Mar 18 19:14:58 2010
From: asimic at gmail.com (Aleksandar Simic)
Date: Thu, 18 Mar 2010 23:14:58 +0000
Subject: FreeBSD Maradns logging
Message-ID: <7d1be6611003181614u3657e47ja927948e6fbc7323@mail.gmail.com>

Hello,

I see that logging under FreeBSD was mentioned on the list here:

http://maradns.blogspot.com/2008_09_01_archive.html

and that it was resolved and blogged about here:

http://maradns.blogspot.com/2008/09/maradns-snapshot-update-freebsd-logging.html

However the addition in /etc/syslog.conf of:

    daemon.info /var/log/daemon

is still required along with:

    touch /var/log/daemon && chown root:wheel /var/log/daemon \
    && chmod 640 /var/log/daemon && kill -HUP $(pgrep syslogd)

Otherwise, the same symptoms as before: nothing is being passed to
syslogd and nothing is to be found in /var/log/messages.

This is on FreeBSD 8-STABLE. Are there any other FreeBSD users seeing
the same issue?

Also, the rc.d scripts supplied with the FreeBSD port of maradns don't
stop the service. I've created the fixes, which are very trivial that
remedies this. It consists of commenting out/deleting the following
line:

    pidfile="/var/run/${name}.pid"

This is applicable for maradns & zoneserver.

I thought I'd post it here first to see if there are any FreeBSD users
who might comment on it. I suppose this might be applicable to NetBSD
too, as they are using the same rc.d system.

If I don't hear anything I'll post it to FreeBSD ports mail list.

Thanks,
Aleksandar

From strenholme.usenet at gmail.com Fri Mar 19 09:48:07 2010
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 19 Mar 2010 07:48:07 -0600
Subject: FreeBSD Maradns logging
In-Reply-To: <7d1be6611003181614u3657e47ja927948e6fbc7323@mail.gmail.com>
References: <7d1be6611003181614u3657e47ja927948e6fbc7323@mail.gmail.com>
Message-ID: <7bd685721003190648x7b440a1dqeb3456d22848644b@mail.gmail.com>

> I see that logging under FreeBSD was mentioned on the list here:
>
> http://maradns.blogspot.com/2008_09_01_archive.html
>
> and that it was resolved and blogged about here:
>
> http://maradns.blogspot.com/2008/09/maradns-snapshot-update-freebsd-logging.html

Indeed. The changes in question were only applied to the branch of
MaraDNS code which is now the 1.4 stable branch of MaraDNS. People
still using MaraDNS 1.3 or MaraDNS 1.2 will still have the following
problem:

> However the addition in /etc/syslog.conf of:
>
> daemon.info /var/log/daemon
>
> is still required along with:
>
> touch /var/log/daemon && chown root:wheel /var/log/daemon \
> && chmod 640 /var/log/daemon && kill -HUP $(pgrep syslogd)

Another option is to upgrade from MaraDNS 1.2/1.3 to MaraDNS 1.4
(currently MaraDNS 1.4.03).

I still maintain the 1.2 and 1.3 branches of MaraDNS, but only for
critical security fixes. I will stop maintaining the 1.2 branch on
December 21, 2010, and the 1.3 branch on December 21, 2012, so
distributions and people making MaraDNS packages have plenty of time
to upgrade, but it does need to be done.

Information about updating MaraDNS and the minor configuration file
changes is here:

http://maradns.org/tutorial/update.html

I don't know which version of MaraDNS the FreeBSD package uses; if it
uses the 1.2 branch, it should use 1.2.12.10 (the last issue which was
a critical security issue was fixed in 1.2.12.08).
If it uses the 1.3 branch, it should use 1.3.07.10; 1.3.07.04 fixes
the last critical security issue; 1.3.07.10 fixes a minor security
issue which I blogged about here:

http://maradns.blogspot.com/2010/02/maradns-1403-and-130710-released.html

For djbdns fanboys who still think djbdns is perfectly secure without
needing updates, I blogged about that here:

http://maradns.blogspot.com/2010/02/there-is-no-such-thing-as-perfectly.html

Thanks for this information; if I have time, I will add this
information to the MaraDNS FAQ.

- Sam

Note: I do not answer MaraDNS (including Deadwood) support requests
sent by private email without being compensated for my time.

A MaraDNS support request is any and all discussion you may wish to
have about MaraDNS in private email; if you want to email me to talk
about MaraDNS then, yes, that is a support request. (You would be
amazed what lusers don't consider support requests) I will discuss
rates if you want this kind of support. Thank you for your
understanding.

MaraDNS security vulnerability reports, however, will be dealt with
without charge and kept confidential. If you don't know what Bugtraq
is, then, no, your email is not a security report. It is not a
security report unless you've done due diligence to determine how the
security bug you think you found can reasonably be exploited. (Lusers
who don't know how to interpret a stack trace like to use the
"security report" loophole to try and get free email support this way.
If you don't have enough clue to read a stack trace to determine how a
segfault could be exploited, you don't have enough clue to get support
from me for free via private email.
I've only had two people with enough clue to send me this kind of
security report: João Antunes, who found a couple of remotely
exploitable memory leaks, and the relevant people at CERT who
communicated with me to make sure MaraDNS wasn't vulnerable to the
Kaminsky DNS security hole before it became public)

From asimic at gmail.com Fri Mar 19 10:25:20 2010
From: asimic at gmail.com (Aleksandar Simic)
Date: Fri, 19 Mar 2010 14:25:20 +0000
Subject: FreeBSD Maradns logging
In-Reply-To: <7bd685721003190648x7b440a1dqeb3456d22848644b@mail.gmail.com>
References: <7d1be6611003181614u3657e47ja927948e6fbc7323@mail.gmail.com>
 <7bd685721003190648x7b440a1dqeb3456d22848644b@mail.gmail.com>
Message-ID: <7d1be6611003190725j123eeb93v3e29fa514a9c1625@mail.gmail.com>

On 19 March 2010 13:48, Sam Trenholme wrote:
>> I see that logging under FreeBSD was mentioned on the list here:
>>
>> http://maradns.blogspot.com/2008_09_01_archive.html
>>
>> and that it was resolved and blogged about here:
>>
>> http://maradns.blogspot.com/2008/09/maradns-snapshot-update-freebsd-logging.html
>
> Indeed. The changes in question were only applied to the branch of
> MaraDNS code which is now the 1.4 stable branch of MaraDNS. People
> still using MaraDNS 1.3 or MaraDNS 1.2 will still have the following
> problem:

Ah, good to know. I'm seeing this on 1.3.07.09.

> I don't know which version of MaraDNS the FreeBSD package uses;

I've been using an older version of ports. Checking them now it seems
that 1.4.03 has been in the ports for the past five weeks now.

I'll try it with that and report back on how it plays out.

Thanks,
Aleksandar

From asimic at gmail.com Fri Mar 19 11:28:19 2010
From: asimic at gmail.com (Aleksandar Simic)
Date: Fri, 19 Mar 2010 15:28:19 +0000
Subject: FreeBSD Maradns logging
In-Reply-To: <7d1be6611003190725j123eeb93v3e29fa514a9c1625@mail.gmail.com>
References: <7d1be6611003181614u3657e47ja927948e6fbc7323@mail.gmail.com>
 <7bd685721003190648x7b440a1dqeb3456d22848644b@mail.gmail.com>
 <7d1be6611003190725j123eeb93v3e29fa514a9c1625@mail.gmail.com>
Message-ID: <7d1be6611003190828m68ddba76wc382510db12c9482@mail.gmail.com>

On 19 March 2010 14:25, Aleksandar Simic wrote:
> On 19 March 2010 13:48, Sam Trenholme wrote:
>> Indeed. The changes in question were only applied to the branch of
>> MaraDNS code which is now the 1.4 stable branch of MaraDNS. People
>> still using MaraDNS 1.3 or MaraDNS 1.2 will still have the following
>> problem:
>
> Ah, good to know. I'm seeing this on 1.3.07.09.
>
>> I don't know which version of MaraDNS the FreeBSD package uses;
>
> I've been using an older version of ports. Checking them now it seems
> that 1.4.03 has been in the ports for the past five weeks now.
>
> I'll try it with that and report back on how it plays out.

Upgraded to the latest ports, with 1.4.03 everything is working
smoothly. No need for any modifications to syslog.conf.

The startup script using FreeBSD's rc.d that comes supplied with the
package also functions correctly.

Thanks,
Aleksandar
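
Added example, not part of any message in this thread and not duende's source: the first thread asks for a selectable syslog facility and a short ident for a daemon whose stdout is relayed to syslog, and this C sketch shows that relay using only syslog(3). The function names (parse_facility, ident_from_path, relay_lines) and the command-line layout are hypothetical.

```c
/* Added example: relay stdin to syslog(3) with a chosen ident and facility.
 * Not duende's source; every function name here is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Map a facility name to its syslog(3) constant; -1 if not recognised. */
int parse_facility(const char *name)
{
    static const struct { const char *name; int code; } table[] = {
        { "daemon", LOG_DAEMON }, { "user",   LOG_USER   },
        { "local0", LOG_LOCAL0 }, { "local1", LOG_LOCAL1 },
        { "local2", LOG_LOCAL2 }, { "local3", LOG_LOCAL3 },
        { "local4", LOG_LOCAL4 }, { "local5", LOG_LOCAL5 },
        { "local6", LOG_LOCAL6 }, { "local7", LOG_LOCAL7 },
    };
    size_t i;

    if (name == NULL)
        return -1;
    for (i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(name, table[i].name) == 0)
            return table[i].code;
    return -1;
}

/* Reduce "/usr/local/sbin/maradns" to "maradns" so the ident is short. */
const char *ident_from_path(const char *path)
{
    const char *slash = strrchr(path, '/');
    return (slash != NULL && slash[1] != '\0') ? slash + 1 : path;
}

/* Forward each non-empty line of `in` to syslog at LOG_INFO and return the
 * number of messages sent. Lines longer than the buffer are split. */
long relay_lines(FILE *in)
{
    char line[1024];
    long sent = 0;

    while (fgets(line, sizeof line, in) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '\0')
            continue;
        syslog(LOG_INFO, "%s", line); /* fixed format: log text is data */
        sent++;
    }
    return sent;
}

int main(int argc, char **argv)
{
    int facility;

    if (argc != 3) {
        fprintf(stderr, "usage: %s <program-path> <facility>\n", argv[0]);
        return 2;
    }
    facility = parse_facility(argv[2]);
    if (facility < 0) {
        fprintf(stderr, "unknown facility: %s\n", argv[2]);
        return 2;
    }
    openlog(ident_from_path(argv[1]), LOG_PID, facility);
    relay_lines(stdin);
    closelog();
    return 0;
}
```

Given the daemon's stdout on stdin and the arguments /usr/local/sbin/maradns local3, it logs with ident maradns on facility local3, which a local3.* selector in syslog.conf can send to its own file.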