Client object identifier in BIND 9 query logs

1

The BIND 9 Administrator Reference Manual e.g. for version 9.14.11 or 9.17.1 states in

  • 5.2. CONFIGURATION FILE GRAMMAR
    • The category Phrase
      • queries

The query log entry first reports a client object identifier in @0x<hexadecimal-number> format.

This term has not been mentioned anywhere else in the ARM, and it's the only mention of any object identifier at all.

  • It seems not to be related to the client that was sending the query:

    • it could be the same for queries from many unrelated IP addresses but
    • it could be different for two queries from the same IP address.

  • For e.g. @0x123456789abc

    • the first half 123456 seems always stay the same
    • the second half 789abc changes from time to time.

  • In query log examples it can be 32-bit @0xffffffff or 48-bit @0xffffffffffff.

  • Alan Clegg, in this BIND Logging presentation from October 2019, only describes it through what it is not:

    A @0x followed by the client object identifier (nothing to do with the client address)

What is it and how is it calculated?
What information can we get out of it? Why is it logged anyway?

bind
asked on Server Fault May 17, 2020 by Esa Jokinen • edited Jun 11, 2020 by Community

1 Answer

1

According to Tony Finch's reply to bind-users mailing list in August 2019:

It's the address in memory of the data structure BIND uses to hold its working state for the query.

I'm surprised this seems the only place this is actually explained. The naming seems rather misleading as, based on this, it's not about the client nor object identifiers OID (per ITU-T X.660 | ISO/IEC 9834-1).

The explanation seems credible, as it's coherent with both the format and behaviour of the value. This logging comes from ISC's lib/ns/client.c i.e. the client object (Thanks, Patrick Mevzek!):

2715    isc_log_write(ns_lctx, category, module, level,
2716              "client @%p %s%s%s%s%s%s%s%s: %s", client, peerbuf, sep1,
2717              signer, sep2, qname, sep3, sep4, viewname, msgbuf);

Here, the %p indeed is the memory address (pointer) of the client, as it's written in C, and the "client @%p %s%s%s%s%s%s%s%s: %s" is a printf format string, where the % placeholder has:

The syntax for a format placeholder is

%[parameter][flags][width][.precision][length]type

Type field

  • s: null-terminated string.
  • p: void * (pointer to void) in an implementation-defined format.

Instead, the BIND 9 Administrator Reference Manual COULD simply say something like:

The query log entry first reports the memory address of the data scructure used to hold the working state for the query, in @0x<hexadecimal-number> format.

Well, the whole paragraph could also be formatted as a list instead of a story...

answered on Server Fault May 17, 2020 by Esa Jokinen • edited May 30, 2020 by Esa Jokinen

User contributions licensed under CC BY-SA 3.0