[ratelimits] Logging category

Tue May 14 02:04:17 UTC 2013

> From: Alan Clegg <alan at clegg.com>

> >> Should the RRL slip and drop move logging from the query category to
> >> the query-errors category with "debug 1" or "debug 3" severity?

> Please put me down as a +1 for a new, distinct category for RRL logging.

The idea I suggested does not involve a new, distinct category for RRL
logging.  I do not like the idea of 2 distinct rate-limit logging
categories, because I think the BIND9 logging machinery already has
too many special values, magic strings, levels, and categories but
limited flexibility.  As recently I wrote, since last year the BIND9
RRL patches have had a distinct "rate-limit" category described with
proposed ARM text:

 rate-limit
     The start, periodic, and final notices of the rate limiting
     of a stream of responses are logged at info severity in this
     category. These messages include a hash value of the domain
     name of the response and the name itself, except when there
     is insufficient memory to record the name for the final notice
     The final notice is normally delayed until about one minute
     after rate limit stops. A lack of memory can hurry the final
     notice, in which case it starts with an asterisk (*). Various
     internal events are logged at debug 1 level and higher.

     Rate limiting of individual requests is logged in the queries
     category and can be controlled with the querylog option.

(There is a link on http://www.redbarn.org/dns/ratelimits to that text.
It also appears as a change to the ARM XML in the RRL patches.)

If the change is made, then that second paragraph would become something
like:

     Rate limiting of individual responses is logged in the "query-errors"
     category with severity "debug 1" like SERVFAIL errors.

Please note that the idea is only a proposal in need of comments.  Even
if the change is made, it is unlikely to be approved for official BIND9
releases with RRL for some months.

Vernon Schryver    vjs at rhyolite.com