Agenda: dns-bind-logging.txt


dns-bind-logging.txt

1BIND LOGGING
2------------
3
4By default, logs from named are sent to /var/log/messages via syslog.
5
6Let's make BIND log in a more detailed fashion.
7
8On MASTER:
9
101. Create the log directory and make it writable by the user named runs as (bind):
11
12        # mkdir /etc/namedb/log
13        # chown bind /etc/namedb/log
14
152. Edit /etc/namedb/named.conf, find the end of the "options" section, and
16   create the "logging" section right after it:
17
18options {
19    ...
20};
21
22// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -
23
24logging {
25        // Channels
26
27        channel transfers {
28            file "/etc/namedb/log/transfers" versions 3 size 10M;
29            print-time yes;
30                        severity info;
31        };
32        channel notify {
33            file "/etc/namedb/log/notify" versions 3 size 10M;
34            print-time yes;
35                        severity info;
36        };
37        channel dnssec {
38            file "/etc/namedb/log/dnssec" versions 3 size 10M;
39            print-time yes;
40                        severity info;
41        };
42        channel query {
43            file "/etc/namedb/log/query" versions 5 size 10M;
44            print-time yes;
45                        severity info;
46        };
47        channel general {
48            file "/etc/namedb/log/general" versions 3 size 10M;
49            print-time yes;
50                        severity info;
51        };
52
53        // Categories
54
55        category xfer-out { transfers; };
56        category xfer-in { transfers; };
57        category notify { notify; };
58
59        category lame-servers { general; };
60        category config { general; };
61        category default { general; };
62        category security { general; };
63        category dnssec { dnssec; };
64
65        // category queries { query; };   (uncomment to enable query logging)
66
67};
68
69// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -
70
71
72Save and exit the file, and TEST that the configuration is valid (named-checkconf prints nothing if it finds no errors):
73
74        # named-checkconf /etc/namedb/named.conf
75
762. Now reconfig or restart bind:
77
78   # rndc reconfig
79
80        - Look into /etc/namedb/log/, and see if the files get created.
81
82        If it doesn't work, try:
83
84        - checking permissions for /etc/namedb/log (the bind user must be able to write there)
85        - restarting named (/etc/rc.d/named restart)
86
873. Do a zone transfer of your own domain:
88
89        # dig @master.grpX.ws.nsrc.org AXFR MYTLD
90        ...
91
92        - Verify that the transfer shows up in /etc/namedb/log/transfers:
93
9417-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR started
9517-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR ended