This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Repeated error message from ctipd

My Fallback messages log is getting spammed with the following message:

2018:08:12-18:10:41 astaro [local0:err] [ctipd] [9830]: CCtipdRblRequest::Run() - query is not one of the following:TXT,A or ANY

It appears at seemingly random times, but always in spurts of twenty or so at a time.

Any ideas what might be causing it, or how to disable it if it's not something I actually need?  I'm sending my logs to a syslog server, and I'd like to have it send an alert if it receives a message marked Error or above, but these are causing a flood of alerts since they're all flagged Error.

Thanks,
  Jon.



This thread was automatically locked due to age.
  • Hi Jon,

    The reason for the error you are encountering is that DNSSEC validation is not supported by ctipd, it will only accept TXT, A or ANY query types. To clarify the exact error message, it is a generic error response for any unsupported query; "query is not one of the following:TXT,A or ANY" 

    Now, What is CTIPD? It is the IP reputation daemon used in the UTM.

    The daemon's RBL interface is an integration option designed primarily for MTAs that support RBL to quickly integrate ctipd for RBL service without coding effort. The ctipd daemon is intended to be running locally and not on WAN. As such, it was not intended to provide a full DNS service and so is restricted to the scope of providing our IP Reputation service.

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thanks for the explanation, Sachin.  So the daemon is required, and there's no way to suppress this message?  That's a bummer - I really would like to monitor the fallback log in case there ever is a real problem, but these messages make it impractical to set up an alert for Error or above.  I guess I'll just have to set the alert threshold to Critical.

  • Fallback log gives information of the running daemons which haven't got their own log file. You should also keep a track of kernel and system log files to monitor the real problems. 

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.