How to enable named/bind/DNS full logging? [closed]
Asked Answered
B

2

47

I am trying to find the perfect logging clause in named.conf that would help me enable full-level logs for named service. Can someone give an example here? My current clause is given below, but this generates very minimal logs.

 logging {
     channel querylog{
             file "/var/log/querylog";
             severity debug 10;
             print-category yes;
             print-time yes;
             print-severity yes;
             };
     category queries { querylog;};
 };
Bauble answered 22/6, 2012 at 9:53 Comment(0)
M
94

I usually expand each log out into its own channel and then to a separate log file, certainly makes things easier when you are trying to debug specific issues. So my logging section looks like the following:

logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
Mystagogue answered 24/8, 2012 at 17:34 Comment(4)
Thanks for the information. But the issue here is, I have zone files looped within a single folder, for each domain. Say for example.com, I have around 6 sub-zone files using the INCLUDE clause within the master zone file. I would like to know the particular zone file from which the query is extracting the information from. I have added your log clause in my bind. Will check & let you know if it helps. Thanks for your help.Bauble
I doubt that it's actually possible, and standard logging would not give you that level of detail. BIND loads the zone files into memory on startup so the files themselves are meaningless once it's started, it's just one complete zone. Enabling debug mode in BIND might give you additional levels of detail, but it's going to cause a huge amount of logging to be generated which will inturn impact the performance of the DNS server.Mystagogue
Why do you think logging everything to separate files is better for debugging? Also beware of useless log messages in most channels when your server is busy.Thing
Detailed information on Bind9 can be found here, explicitly logging as well:zytrax.com/books/dns/ch7/logging.html You can assign the same category to more than one file and thus have different logging levels on separate files.Mirage
T
25

Run command rndc querylog on or add querylog yes; to options{}; section in named.conf to activate that channel.

Also make sure you’re checking correct directory if your bind is chrooted.

Thing answered 23/6, 2012 at 0:54 Comment(4)
I have BIND 9.9.4 on centos7, I try to added the "querylog on;" to the options section, but named not restarted. In journal I had /etc/named.conf:30: boolean expected near 'on'Rationality
I think it might be querylog yes; in config file, I might've mistaken rndc param with config option.Thing
I found that, while rndc querylog on did change the setting reported by rndc querylog status, actual logging did not occur until I changed severity warning to severity dynamic in my named.conf file.Bibbye
Note: I read queries will be logged by default to /var/log/messages but in my case they were logged to /var/log/syslog (tested on Debian). To check the status, I had to do rndc status, not rndc querylog status like mentioned in the comment above.Semimonthly

© 2022 - 2024 — McMap. All rights reserved.