Bind query logging can be very handy if you are troubleshooting a problem. However, it generates a lot of output very quickly. So on a busy nameserver make sure you enable it for a short period of time until you troubleshoot the issue.

 

Turn on bind query logging

 

1. In order to identify clients dns queries, bind query log needs to enabled. For BIND 9, turn on query logging with:

# rndc querylog

 

For BIND 8, use the below command to enable query logging:

# ndc querylog

 

2. The Queries will be logged to /var/log/messages file. The name server will log a one-line message each time it receives a query. For BIND 9, the messages look like this:

Feb  5 09:12:11 ns1 named[80090]: client 192.168.106.112#3261: query: www.server.example IN A

 

This tells us that our name server received a query from the client at 192.168.106.112, port 3261, for A records attached to www.server.example in the Internet class.

 

3. On a BIND 8 name server, the messages look like this:

Feb  5 09:53:52 ns1 named[80323]: XX+/192.168.10.12/www.server.example/A/IN

 

Here mostof the information is same as that of Bind 9, except the formatting. The “XX+” at the beginning indicates that it is a recursive query. Nonrecursive queries show just “XX.“.

 

Turning off Bind query logging

 

To turn off the Bind query logging, use the same command used to enable it.

# rndc querylog

 

Enable querylog permanently in config

 

1. Query logging can also be enabled by explicitly directing the queries category to a channel in the logging section of named.conf or by specifying querylog yes; in the options section of named.conf.

# vi /etc/named.conf
...
options {
	    querylog yes;
}

...
logging {
        channel querylog {
                file "/var/log/querylog";
                severity debug 3;
        };
};

 

Queries will be logged to /var/log/querylog. 

 

2. Create the logfile where queries will be logged.

touch /var/log/querylog

 

3. Change the ownership. 

# chown named.named /var/log/querylog

 

 4. restart named service

# service named restart

 

這篇文章有幫助嗎? 0 Users Found This Useful (0 Votes)