From 30ed714f3d940185d1064d775f82b066720a6026 Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg <fredrik@wahlberg.se>
Date: Sun, 3 Dec 2023 21:17:22 +0100
Subject: [PATCH] Fixar en massa named

---
 logcheck-fw-named | 15 ++++++++++++---
 testlog           |  6 ++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/logcheck-fw-named b/logcheck-fw-named
index b55337d..93c0a1f 100644
--- a/logcheck-fw-named
+++ b/logcheck-fw-named
@@ -59,7 +59,9 @@
 #Apr 10 05:59:24 marconi named[7781]:   validating formelracing.se/SOA: no valid signature found
 #Apr 10 05:59:24 marconi named[7781]: validating formelracing.se/A: no valid signature found
 #Apr 10 05:59:24 marconi named[7781]:   validating cmqpg0nlq5bi4s4ucti6jj2avrd7mhtj.formelracing.se/NSEC3: no valid signature found
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]:[[:space:]]+validating [.[:alnum:]]+/(A|SOA|NSEC3): no valid signature found
+#Dec  2 12:09:09 nada named[256]: validating shsye.org/NS: no valid signature found
+#Dec  2 12:09:09 nada named[256]:   validating 20150901._domainkey.smgrid.com/NSEC: no valid signature found
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]:[[:space:]]+validating [-_.[:alnum:]]+/[[:alnum:]]+: no valid signature found
 
 #Mar  3 18:03:34 marconi named[27570]: transfer of 'wahlberg.se/IN' from 66.23.226.92#53: Transfer status: success
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: transfer of '[-.[:alnum:]]+/IN' from [#.[:digit:]]+: Transfer status: success
@@ -88,7 +90,14 @@
 #Oct 28 07:54:13 nada named[368]: client @0xf242cb64 104.180.184.102#80 (.): query failed (REFUSED) for ./IN/RRSIG at query.c:5498
 #Oct 28 06:17:36 nada named[368]: client @0xf2443044 205.185.124.172#52570 (pizzaseo.com): query failed (REFUSED) for pizzaseo.com/IN/RRSIG at query.c:5498
 #Oct 28 18:02:12 nada named[368]: client @0xf243df14 146.88.240.4#52092 (4217e25c.asert-dns-research.com): query failed (REFUSED) for 4217e25c.asert-dns-research.com/IN/A at query.c:5498
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-.[:alnum:]]+\):
+#Dec  2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465
+
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [@[:alnum:]]+ [\#.[:digit:]]+ \([-_.[:alnum:]]+\):
 
 #Feb  2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
\ No newline at end of file
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
+
+
+#Dec  1 18:09:32 nada named[256]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
+#Dec  1 00:38:25 nada named[256]: checkhints: l.root-servers.net/AAAA (2001:500:3::42) extra record in hints
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: checkhints: [-_.[:alnum:]]+/[[:alnum:]]+ 
\ No newline at end of file
diff --git a/testlog b/testlog
index c7e54d3..1c87c73 100644
--- a/testlog
+++ b/testlog
@@ -771,6 +771,12 @@ Feb  5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceede
 Feb  5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
 Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth]
 Feb 20 17:01:46 nada sshd[32112]: Received disconnect from 82.183.31.32 port 49498:11: cleanup
+Dec  2 12:09:09 nada named[256]: client @0xf25d0a70 127.0.0.1#33754 (mail._domainkey.ahrenbecks.se): query failed (failure) for mail._domainkey.ahrenbecks.se/IN/A at query.c:7465
+Dec  2 12:09:09 nada named[256]: validating shsye.org/NS: no valid signature found
+Dec  2 12:09:09 nada named[256]:   validating 20150901._domainkey.smgrid.com/NSEC: no valid signature found
+Dec  2 17:53:41 nada sendmail[6529]: gethostbyaddr(172.17.0.1) failed: 1
+Dec  1 18:09:32 nada named[256]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
+Dec  1 00:38:25 nada named[256]: checkhints: l.root-servers.net/AAAA (2001:500:3::42) extra record in hints
 
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden