Agenda: dns-bind-logging.txt

File dns-bind-logging.txt, 3.2 KB (added by admin, 6 years ago)
Line 
1BIND LOGGING
2------------
3
4By default, logs from named are sent to /var/log/messages via syslog.
5
6Let's make BIND log in a more detailed fashion.
7
8On AUTH1 (auth1.grpX - and if running BIND on your resolver, on resolv.grpX
9as well):
10
111. Create the log directory:
12
13        $ sudo mkdir -p /etc/namedb/log
14        $ sudo chown bind /etc/namedb/log
15
162. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
17   done so:
18
19        $ sudo ee /etc/rc.conf
20
21named_chrootdir=""
22named_enable="YES"
23
24        Save the file and exit.
25
263. Edit /etc/namedb/named.conf
27
28If it is still there, find and *REMOVE* the "listen-on" line (in the
29"options" section):
30
31options {
32    ...
33    listen-on       { 127.0.0.1; };             // <- remove this line!
34    ...
35};
36
37
38Now move to the bottom (end) of the file, and create the "logging section":
39
40// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -
41
42logging {
43        // Channels
44
45        channel transfers {
46            file "/etc/namedb/log/transfers" versions 3 size 10M;
47            print-time yes;
48                        severity info;
49        };
50        channel notify {
51            file "/etc/namedb/log/notify" versions 3 size 10M;
52            print-time yes;
53                        severity info;
54        };
55        channel dnssec {
56            file "/etc/namedb/log/dnssec" versions 3 size 10M;
57            print-time yes;
58                        severity info;
59        };
60        channel query {
61            file "/etc/namedb/log/query" versions 5 size 10M;
62            print-time yes;
63                        severity info;
64        };
65        channel general {
66            file "/etc/namedb/log/general" versions 3 size 10M;
67            print-time yes;
68                        severity info;
69        };
70
71        // Categories
72
73        category xfer-out { transfers; };
74        category xfer-in { transfers; };
75        category notify { notify; };
76
77        category lame-servers { general; };
78        category config { general; };
79        category default { general; };
80        category security { general; };
81        category dnssec { dnssec; };
82
83        // category queries { query; };
84
85};
86
87// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -
88
89
90Save and exit the file, and TEST that it works:
91
92        $ sudo named-checkconf /etc/namedb/named.conf
93
94Note that the "queries" category is commented out. This is on purpose as this
95log file on many servers could become very large quickly.
96
974. Now reconfig or restart bind:
98
99   $ sudo rndc reconfig
100
101        - Look into /etc/namedb/log/, and see if the files get created.
102
103        If it doesn't work, try:
104
105        - check permissions for /etc/namedb/log
106        - restarting named (/etc/rc.d/named restart)
107
1085. Do a zone transfer of you own domain:
109
110        $ dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
111        ...
112
113        - Verify that the transfer shows up in /etc/namedb/log/transfers:
114
11517-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR started
11617-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR ended
117
1186. Update the serial number on your master zone file:
119
120        $ sudo vi /etc/namedb/master/MYTLD
121
122        Increment Serial by 1 then save the zone file.
123
124        # rndc reload MYTLD
125
126        In the notify log file there should be a line that looks something
127        like this:
128
129        $ cat /etc/namedb/log/notify
130
13122-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)