diff options
| author | Erich Eckner <git@eckner.net> | 2023-09-24 22:14:56 +0200 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2023-09-24 22:14:56 +0200 |
| commit | 49ae197d314259b8464c564159e8fbe663b36462 (patch) | |
| tree | 33aea29dbea087560b2d911d08c5b9703115ae3c | |
| parent | 5ce2afc338f59f395e97da16452a0a4a673134f8 (diff) | |
| download | logwatch-overrides-49ae197d314259b8464c564159e8fbe663b36462.tar.xz | |
named: status quo
| -rw-r--r-- | named | 153 |
1 files changed, 81 insertions, 72 deletions
@@ -26,7 +26,7 @@ use Logwatch ':ip'; use strict; -#$DoLookup = ValueOrDefault($ENV{'named_ip_lookup'}, 0); +DoLookup( ValueOrDefault($ENV{'named_ip_lookup'}, 0) ); my $Debug = ValueOrDefault($ENV{'LOGWATCH_DEBUG'}, 0); my $Detail = ValueOrDefault($ENV{'LOGWATCH_DETAIL_LEVEL'}, 0); my $FailedZoneTransferThreshold = $ENV{'failed_zone_transfer_threshold'} || 0; @@ -68,7 +68,8 @@ my ( %GeoIPError, %HUR, %Hints, %LimitSlip, %NError, %NUR, %NoSOA, %OtherList, %StartLog, -%UnknownCCCommands, %NTAs, +%UnknownCCCommands, %BadCookie, %Timeout, +%LoopDetected, %MissingCookie, ); # Avoid "Use of uninitialized value" warning messages. sub ValueOrDefault { @@ -109,8 +110,6 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /prerequisite not satisfied/) or ($ThisLine =~ /(rcvd|Sent) NOTIFY/) or ($ThisLine =~ /ns_resp: TCP truncated/) or - ($ThisLine =~ /^zone \S+: refresh: truncated UDP answer, initiating TCP zone xfer for master /) or - ($ThisLine =~ /^master [0-9a-f:.]+#\d+ \(source [0-9a-f:.]+#\d+\) deleted from unreachable cache$/) or ($ThisLine =~ /No possible A RRs/) or ($ThisLine =~ /points to a CNAME/) or ($ThisLine =~ /dangling CNAME pointer/) or @@ -125,14 +124,13 @@ while (defined(my $ThisLine = <STDIN>)) { # This will generate another error that we will catch ($ThisLine =~ /transfer of .*: resetting/) or ($ThisLine =~ /Transfer status: (:?success|up to date)/) or - ($ThisLine =~ /^(client \S+ [0-9a-f:.]+#\d+ \(\S+\): (view \S+: )?)?transfer of .*: (IXFR|AXFR(|-style IXFR) (started|ended)|connected using|Transfer completed|failed while receiving responses: not exact)/) or - ($ThisLine =~ /^transfer of \S+ from \S+: (Transfer status: (timed out|host unreachable|connection reset|connection refused|success|REFUSED|SERVFAIL|up to date|end of file)|resetting|giving up: timed out)/) or ($ThisLine =~ /using \d+ CPU/) or ($ThisLine =~ /loading configuration/) or ($ThisLine =~ /command channel listening/) or ($ThisLine =~ /configuring command channel from/) or ($ThisLine =~ /interface ignored/) or ($ThisLine =~ /no IPv6 interfaces found/) or + ($ThisLine =~ /IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately/) or ($ThisLine =~ /using \d+ UDP listeners? per interface/) or ($ThisLine =~ /^running/) or ($ThisLine =~ /^exiting/) or @@ -143,7 +141,6 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /client .* response from Internet for .*/) or # ($ThisLine =~ /client .+ query \(cache\) '.*' denied/) or ($ThisLine =~ /client .+(?: \([^)]+\))?: query:/) or - ($ThisLine =~ /^client .+: rpz .+ rewrite \S+ via \S+$/) or # Do we really want to ignore these? #($ThisLine =~ /unknown logging category/) or ($ThisLine =~ /could not open entropy source/) or @@ -171,6 +168,7 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or ($ThisLine =~ /zone .*: loading from master file .* failed/) or ($ThisLine =~ /zone .*: NS '.*' has no address records/) or + ($ThisLine =~ /zone .* \(signed\): receive_secure_serial: unchanged/) or ($ThisLine =~ /.*: not a valid number$/) or ($ThisLine =~ /^(.*: )?unexpected end of input/) or ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or @@ -178,19 +176,10 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /reloading zones succeeded/) or ($ThisLine =~ /generating session key/) or ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or - ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or + ($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'failure'/) or ($ThisLine =~ /the working directory is not writable/) or ($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or - ($ThisLine =~ /using [[:digit:]]+ UDP listener per interface/) or - ($ThisLine =~ /^flush tree \S+ in cache view \S+: success$/) or - ($ThisLine =~ /^flushing caches in all views succeeded$/) or - ($ThisLine =~ /^[^:]+: sending trust-anchor-telemetry query '[^']+'$/) or - ($ThisLine =~ /set up managed keys zone/) or - ($ThisLine =~ /^managed-keys-zone: Key \d+ for my zone \S+ acceptance timer complete: key now trusted$/) or - ($ThisLine =~ /^managed-keys-zone: loaded serial [[:digit:]]+$/) or - ($ThisLine =~ /^managed-keys-zone: journal file is out of date: removing journal file$/) or - ($ThisLine =~ /^managed-keys-zone: Unable to fetch DNSKEY set '(\.|dlv\.isc\.org)': timed out$/) or - ($ThisLine =~ /^generating session key for my dynamic DNS$/) or ($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or ($ThisLine =~ /using up to [0-9]* sockets/) or ($ThisLine =~ /built with/) or @@ -211,6 +200,7 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /serial number \(\d+\) received from master/) or ($ThisLine =~ /zone .*: skipping zone transfer as master .* is unreachable \(cached\)/) or ($ThisLine =~ /zone .*: notify from .*: serial \d+/) or + ($ThisLine =~ /zone [^:]+: serial \d+/) or ($ThisLine =~ /zone is up to date/) or ($ThisLine =~ /refresh in progress, refresh check queued/) or ($ThisLine =~ /refresh: NODATA response from master/) or @@ -220,14 +210,8 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /using built-in trusted-keys/) or ($ThisLine =~ /using built-in keys instead/) or ($ThisLine =~ /set up managed keys zone/) or - ($ThisLine =~ /managed-keys-zone.*[kK]ey (\d+ for zone \S+ is )?now trusted/) or + ($ThisLine =~ /managed-keys-zone.*[Kk]ey .*now trusted/) or ($ThisLine =~ /forwarding update for zone/) or - ($ThisLine =~ /^obtaining root key for view \S+ from '[^']+'$/) or - ($ThisLine =~ /^unable to set effective uid to \d+: Operation not permitted$/) or - ($ThisLine =~ /^none:\d+: 'max-cache-size \d+%' - setting to .+ \(out of .+\)$/) or - ($ThisLine =~ /^[^:]+: sending trust-anchor-telemetry query '[^']+'$/) or - ($ThisLine =~ /^\.\/config\.c: option '[^']+' is obsolete$/) or - ($ThisLine =~ /dhcpupdate: forwarding update for my zone/) or ($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET|YXDOMAIN)/) or ($ThisLine =~ /using .* as GeoIP directory/) or ($ThisLine =~ /GEO-.* Build/) or @@ -235,14 +219,9 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /looking for GeoIP2? databases in /) or ($ThisLine =~ /opened GeoIP2? database /) or # the following seems okay since it says "success" - ($ThisLine =~ /managed-keys-zone .*: No DNSKEY RRSIGs found for '.*': success/) or + ($ThisLine =~ /managed-keys-zone.*: No DNSKEY RRSIGs found for '.*': success/) or # the following seems to happen on startup ($ThisLine =~ /managed-keys-zone.*: Unable to fetch DNSKEY set '.*': operation canceled/) or - ($ThisLine =~ /validating [a-zA-Z.]+\/A(AAA)?: no valid signature found/) or - ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or - ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* please check the 'trusted-keys' for 'dlv\.isc\.org' in named\.conf/) or - ($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for 'dlv\.isc\.org'/) or - ($ThisLine =~ /managed-keys-zone.*: No DNSKEY RRSIGs found for '.*': success/) or ($ThisLine =~ /managed-keys-zone.*: Unable to fetch DNSKEY set '.*': timed out/) or ($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or ($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or @@ -250,20 +229,23 @@ while (defined(my $ThisLine = <STDIN>)) { ($ThisLine =~ /corporation. Support and training for BIND \d+ are/) or ($ThisLine =~ /available at https:\/\/www.isc.org\/support/) or ($ThisLine =~ /----------------------------------------------------/) or + ($ThisLine =~ /^[^ ]+ algorithms: /) or + ($ThisLine =~ /^TKEY mode \d+ support /) or ($ThisLine =~ /next key event: /) or ($ThisLine =~ /reconfiguring zone keys/) or ($ThisLine =~ /using built-in DLV key/) or ($ThisLine =~ /trust-anchor-telemetry/) or + ($ThisLine =~ /^adb: grow_entries /) or # ($ThisLine =~ /reading built-in trusted keys from file/) or ($ThisLine =~ /all zones loaded/) or ($ThisLine =~ /resolver priming query complete/) or ($ThisLine =~ /client .* signer .* approved/) or ($ThisLine =~ /stop limiting/) or - ($ThisLine =~ /^dns64 reverse zone: \S+\.arpa\.$/) or # Previous line appears to contain the error ($ThisLine =~ /client .*: query failed .* for .* at /) or ($ThisLine =~ /increase from .* to .* RRL bins for .* entries/) or ($ThisLine =~ /flushing caches in all views succeeded/) or + ($ThisLine =~ /automatic interface scanning terminated/) or # ignore this line because the following line describes the error ($ThisLine =~ /unexpected error/) ) { @@ -284,8 +266,8 @@ while (defined(my $ThisLine = <STDIN>)) { $ShutdownNamed++; } elsif ( $ThisLine =~ /named shutdown failed/ ) { $ShutdownNamedFail++; - } elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?zone transfer '(.+)' denied/ )) or - (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?bad zone transfer request: '(.+)':/ )) ) { + } elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?\s*zone transfer '(.+)' denied/ )) or + (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?\s*bad zone transfer request: '(.+)':/ )) ) { $DeniedZoneTransfers{$Host}{$Zone}++; } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) { $DeferredZoneTransfers{$Zone}++; @@ -320,9 +302,7 @@ while (defined(my $ThisLine = <STDIN>)) { $ZoneRemoved{$Zone}++; } elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) { $ZoneReceivedNotify{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { - $ZoneReceivedNotify{$Zone}++; - } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): refused notify from non-master/ ) ) { + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): refused notify from non-(?:master|primary)/ ) ) { $ZoneRefusedNotify{$Zone}++; # } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) { } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: bad zone transfer request: '(.+)': (.+)/ ) ) { @@ -336,10 +316,10 @@ while (defined(my $ThisLine = <STDIN>)) { } elsif ( ($Way,$Host) = ( $ThisLine =~ /([^ ]+): sendto\(\[([^ ]+)\].+\): Network is unreachable/ ) ) { my $FullHost = LookupIP ($Host); $NetworkUnreachable{$Way}{$FullHost}++; - } elsif ( ($Host,$Way) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?(.*)#\d+(?: \(.*\))?: (?:view \w+: )?error ([^ ]+) response: network unreachable/ ) ) { + } elsif ( ($Host,$Way) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?(.*)#\d+(?: \(.*\))?: (?:view \w+: )?\s*error ([^ ]+) response: network unreachable/ ) ) { my $FullHost = LookupIP ($Host); $NetworkUnreachable{$Way}{$FullHost}++; - } elsif ( ($Zone,$Message) = ( $ThisLine =~ /client [^\#]+#[^\:]+: (?:view \w+: )?updating zone '([^\:]+)': (.*)$/ ) ) { + } elsif ( ($Zone,$Message) = ( $ThisLine =~ /client [^\#]+#[^\:]+: (?:view \w+: )?\s*updating zone '([^\:]+)': (.*)$/ ) ) { $ZoneUpdates{$Zone}{$Message}++; } elsif ( ($Zone,$Source) = ( $ThisLine =~ /transfer of '([^\']+)' (from [^\#]+)#[^\:]+: Transfer completed: / ) ) { $ZoneUpdates{$Zone}{$Source}++; @@ -349,7 +329,7 @@ while (defined(my $ThisLine = <STDIN>)) { } elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) { my $FullClient = LookupIP ($Client); $DeniedTCPClient{$FullClient}++; - } elsif ( ($Client) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?(.*)#\d+(?: \(.*\))?: (?:view \w+: )?query \(cache\) (?:'.*' )?denied/ ) ) { + } elsif ( ($Client) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?(.*)#\d+(?: \(.*\))?: (?:view \w+: )?\s*query \(cache\) (?:'.*' )?denied/ ) ) { my $FullClient = LookupIP ($Client); $DeniedQuery{$FullClient}++; } elsif ( ($Client) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?([^#]*)(#\d+)?(?: \(.*\))?: query '.*' denied/ ) ) { @@ -374,8 +354,6 @@ while (defined(my $ThisLine = <STDIN>)) { $ChannelAddFail{$Channel}{$Reason}++; } elsif ( ($Zone,$Host,undef,$Reason) = ($ThisLine =~ /zone ([^ ]*): refresh: failure trying master ([^ ]*)#\d+( \(source .*\))?: (.*)/) ) { $MasterFailure{"$Zone from $Host"}{$Reason}++; - } elsif ( ($Zone,undef,$Host,$Reason) = ($ThisLine =~ /^zone ([^ ]*): (got_transfer_quota|refresh): skipping zone transfer as master ([^ ]*)#\d+ \(source [0-9.:]+#\d+\) is (unreachable \(cached\))$/) ) { - $MasterFailure{"$Zone from $Host"}{$Reason}++; } elsif ( ($Zone,$Reason,$Host) = ($ThisLine =~ /zone ([^ ]*): refresh: unexpected rcode \((.*)\) from master ([^ ]*)#\d+/) ) { $MasterFailure{"$Zone from $Host"}{$Reason}++; } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) { @@ -383,25 +361,29 @@ while (defined(my $ThisLine = <STDIN>)) { } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: retry limit for master \S+ exceeded/) ) { $RetryLimit{$Zone}++; } elsif ( ($Rcode, $Zone, $Host) = ($ThisLine =~ /(?:error \()?unexpected RCODE\)? \(?(.*?)\)? resolving '(.*)': (.*)$/) ){ + # Remove port number, for proper IP sorting + $Host =~ s/#.*//; $UnexpRCODE{$Rcode}{$Zone}{$Host}++; } elsif ( ($Rcode, $Zone, $Host) = ($ThisLine =~ /(.*) unexpected RCODE resolving '(.*)': (.*)$/) ){ + # Remove port number, for proper IP sorting + $Host =~ s/#.*//; $UnexpRCODE{$Rcode}{$Zone}{$Host}++; } elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or - ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for (client )?[^ ]+)?: .*/) ) { + ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for( client)? [^ ]+)?: .*/) ) { chomp($ThisLine); $FormErr{$ThisLine}++; } elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) { chomp($ThisLine); $StartLog{$ThisLine}++; } elsif ( (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(rndc.key|named.conf):([0-9]+): (unknown option '[^ ]*')/)) or - (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(rndc.key|named.conf):([0-9]+): ('[^ ]' expected near end of file)/)) or - (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(named.*.conf):([0-9]+): (.*)/)) or - (($File,$Line,$Problem) = ($ThisLine =~ /()()(could not configure root hints from '.*': file not found)/))) { + (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(rndc.key|named.conf):([0-9]+): ('[^ ]' expected near end of file)/)) or + (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(named.*.conf):([0-9]+): (.*)/)) or + (($File,$Line,$Problem) = ($ThisLine =~ /()()(could not configure root hints from '.*': file not found)/))) { $ConfProb{$File}{"$Line,$Problem"}++; } elsif ( (($ErrorText) = ($ThisLine =~ /^(RUNTIME_CHECK.*)/))or - (($ErrorText) = ($ThisLine =~ /^(.* REQUIRE.* failed.*)$/)) or - (($ErrorText) = ($ThisLine =~ /(.*: fatal error)/)) or - (($ErrorText) = ($ThisLine =~ /(.*: out of memory)/)) ) { + (($ErrorText) = ($ThisLine =~ /^(.* REQUIRE.* failed.*)$/)) or + (($ErrorText) = ($ThisLine =~ /(.*: fatal error)/)) or + (($ErrorText) = ($ThisLine =~ /(.*: out of memory)/)) ) { $NError{$ErrorText}++; } elsif ( (($ErrorText) = ($ThisLine =~ /^(GeoIP .* DB not available)/)) ) { $GeoIPError{$ErrorText}++; @@ -411,7 +393,7 @@ while (defined(my $ThisLine = <STDIN>)) { } elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([\.0-9a-fA-F:]*)#[0-9]*: (.*)/) ) { $CCMessages{"$From,$Log"}++; } elsif ( (($Log) = ($ThisLine =~ /(freezing .*zone.*)/)) or - (($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) { + (($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) { $CCMessages2{$Log}++; } elsif (($CCC) = ($ThisLine =~ /unknown control channel command '(.*)'/)) { $UnknownCCCommands{$CCC}++; @@ -423,48 +405,56 @@ while (defined(my $ThisLine = <STDIN>)) { $HUR{$Name}{$Address}++; } elsif (($Client) = ($ThisLine =~ /client ([\da-fA-F.:]+)(?:#\d*:)? notify question section contains no SOA/)) { $NoSOA{$Client}++; + } elsif (($Addr) = ($ThisLine =~ /bad cookie from (.*)/)) { + $BadCookie{$Addr}++; + } elsif (($Addr) = ($ThisLine =~ /missing expected cookie from ([\da-fA-F.:]+)(?:#\d*)?/)) { + $MissingCookie{$Addr}++; + } elsif (($Entry) = ($ThisLine =~ /shut down hung fetch while resolving '(.*)'/)) { + $Timeout{$Entry}++; + } elsif (($Entry) = ($ThisLine =~ /loop detected resolving '(.*)'/)) { + $LoopDetected{$Entry}++; } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) { $Hints{$Hint}++; } elsif (($Response,$Net,$Zone) = ($ThisLine =~/limit (.+) responses to (\S+)(?: for (.+) \()?/)) { $Zone = "None" unless defined($Zone); $Limit{$Zone}{$Response}{$Net}++; - } elsif (($Client,$Response,$Net,$Zone) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit drop (.+) response to (\S+)(?: for (\S+))?/)) { + } elsif (($Client,$Response,$Net,$Zone) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?\s*rate limit drop (.+) response to (\S+)(?: for (\S+))?/)) { $Zone = "None" unless defined($Zone); $LimitDrop{$Zone}{$Response}{$Net}{$Client}++; - } elsif (($Client,$Response,$Net,$Zone) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit slip (.+) response to (\S+)(?: for (\S+))?/)) { + } elsif (($Client,$Response,$Net,$Zone) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?\s*rate limit slip (.+) response to (\S+)(?: for (\S+))?/)) { $Zone = "None" unless defined($Zone); $LimitSlip{$Zone}{$Response}{$Net}{$Client}++; } elsif (($Net,$Zone,$Response) = ($ThisLine =~/limit responses to (\S+)(?: for (\S+))? (.*) +\(/)) { $Zone = "None" unless defined($Zone); $Limit{$Zone}{$Response}{$Net}++; - } elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit drop response to (\S+)(?: for (\S+))? (.*) +\(/)) { + } elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?\s*rate limit drop response to (\S+)(?: for (\S+))? (.*) +\(/)) { $Zone = "None" unless defined($Zone); $LimitDrop{$Zone}{$Response}{$Net}{$Client}++; - } elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit slip response to (\S+)(?: for (\S+))? (.*) +\(/)) { + } elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?\s*rate limit slip response to (\S+)(?: for (\S+))? (.*) +\(/)) { $Zone = "None" unless defined($Zone); $LimitSlip{$Zone}{$Response}{$Net}{$Client}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) { $DNSSECInsec{'__Total__'}++; $DNSSECInsec{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) { $DNSSECInvalid{'__Total__'}++; $DNSSECInvalid{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) { $DNSSECBadCache{'__Total__'}++; $DNSSECBadCache{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) { $DNSSECInvalid{'__Total__'}++; $DNSSECInvalid{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) { $DNSSECInsec{'__Total__'}++; $DNSSECInsec{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): no valid signature found/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating ([^\/]*)\/(\w+): no valid signature found/)) { $DNSSECInvalid{'__Total__'}++; $DNSSECInvalid{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) { $DNSSECInvalid{'__Total__'}++; $DNSSECInvalid{$Zone}{$RR}++; - } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): bad cache hit/)) { + } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+: )?\s*validating ([^\/]*)\/(\w+): bad cache hit/)) { $DNSSECBadCache{'__Total__'}++; $DNSSECBadCache{$Zone}{$RR}++; } elsif (($Error,$Host) = ($ThisLine =~ /^(?:error \()?(.*)\)? resolving '([^']+)':/)) { @@ -475,8 +465,6 @@ while (defined(my $ThisLine = <STDIN>)) { $UpdateDenied{"$Rhost ($Error)"}++; } # ignore rest of samba4 dlz entries for now - } elsif ( my ($NTA, $View) = ($ThisLine =~ /^added NTA '([^']+)' \(\d+ sec\) in view '([^']+)'$/)) { - $NTAs{"$View: $NTA"}++; } else { # Report any unmatched entries... # remove PID from named messages @@ -630,13 +618,6 @@ if ( ( $Detail >= 5 ) and (keys %CCMessages2)){ } } -if (keys %NTAs) { - print "\nset Negative Trust Anchors:\n"; - foreach my $NTA (keys %NTAs) { - print " " . $NTA . ": " . $NTAs{$NTA} . " Time(s)\n"; - } -} - if ( ( $Detail >= 5 ) and ($StartNamed) ) { print "\nNamed started: $StartNamed Time(s)\n"; } @@ -793,6 +774,20 @@ if ( ( $Detail >= 10 ) and (keys %NonAuthoritative) ) { } } +if ( ( $Detail >= 10 ) and (keys %BadCookie) ) { + print "\nBad Cookie returned from these hosts:\n"; + foreach my $ThisOne (keys %BadCookie) { + print " " . $ThisOne . ": " . $BadCookie{$ThisOne} . " Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (keys %MissingCookie) ) { + print "\nMissing expected Cookie returned from these hosts:\n"; + foreach my $ThisOne (keys %MissingCookie) { + print " " . $ThisOne . ": " . $MissingCookie{$ThisOne} . " Time(s)\n"; + } +} + if ( ($Detail >= 10) and (keys %RetryLimit) ) { print "\nRetry limit exceeded for these zones:\n"; foreach my $Zone (sort {$a cmp $b} keys %RetryLimit) { @@ -837,7 +832,21 @@ if ( ( $Detail >= 10 ) and (keys %HUR) ) { } } -if ( ( $Detail >= 5 ) and (keys %ZoneUpdates) ) { +if ( ( $Detail >= 10 ) and (keys %Timeout) ) { + print "\nTimeout resolving for:\n"; + foreach my $ThisOne (sort {$a cmp $b} keys %Timeout) { + print " " . $ThisOne . ": " . $Timeout{$ThisOne} . " Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (keys %LoopDetected) ) { + print "\nLoop detected resolving for:\n"; + foreach my $ThisOne (sort {$a cmp $b} keys %LoopDetected) { + print " " . $ThisOne . ": " . $LoopDetected{$ThisOne} . " Time(s)\n"; + } +} + +if ( ( $Detail >= 10 ) and (keys %ZoneUpdates) ) { print "\nZone Updates:\n"; foreach my $ThisOne (sort {$a cmp $b} keys %ZoneUpdates) { print " $ThisOne:\n"; |