sudo mkdir -p /var/log/bind
sudo chown bind /var/log/bind
First, edit the file /etc/bind/named.conf.options:
sudo vi /etc/bind/named.conf.options
At the bottom of the file, after the end of the "options" section, copy and paste the following:
logging {
    // Channels: each one writes to its own rotated file under /var/log/bind
    channel transfers {
        file "/var/log/bind/transfers" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel notify {
        file "/var/log/bind/notify" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel dnssec {
        file "/var/log/bind/dnssec" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel query {
        file "/var/log/bind/query" versions 5 size 10M;
        print-time yes;
        severity info;
    };
    channel general {
        file "/var/log/bind/general" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    // Categories: route each message category to a channel
    category xfer-out { transfers; };
    category xfer-in { transfers; };
    category notify { notify; };
    category lame-servers { general; };
    category config { general; };
    category default { general; };
    category security { general; };
    category dnssec { dnssec; };
    // Query logging is left disabled; uncomment to send queries to the query channel
    // category queries { query; };
};
Save and exit the file, then reconfigure bind:
sudo rndc reconfig
Try and do a zone transfer of your own zone:
dig @localhost axfr myzone
Now go and check the logs:
cd /var/log/bind
ls -l
You should see something similar to:
-rw-r--r-- 1 bind bind 0 Jun 1 14:20 dnssec
-rw-r--r-- 1 bind bind 126 Jun 1 14:20 general
-rw-r--r-- 1 bind bind 0 Jun 1 14:20 notify
-rw-r--r-- 1 bind bind 0 Jun 1 14:20 query
-rw-r--r-- 1 bind bind 174 Jun 1 14:20 transfers
Inspect the contents!
Tip: use tail -f to follow a logfile in realtime.
For instance, in one terminal run:
tail -f transfers
Then open another terminal (SSH) and, in that window, run:
dig @localhost axfr myzone
What do you notice?
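An added example, not part of the original exercise: a shell function that counts started transfers per client in the transfers log and marks clients that are not on an expected list. The log lines are constructed samples in the layout BIND 9 writes for the xfer-out category; transfer_report and its allow-list argument are hypothetical names.

```shell
#!/bin/sh
# Constructed sample lines (not real traffic). Both client layouts are shown:
# older releases print "client addr#port", newer ones add an "@0x..." token.
sample_transfers_log() {
cat <<'EOF'
01-Jun-2024 14:20:31.120 client 127.0.0.1#40112 (myzone): transfer of 'myzone/IN': AXFR started
01-Jun-2024 14:20:31.122 client 127.0.0.1#40112 (myzone): transfer of 'myzone/IN': AXFR ended
01-Jun-2024 14:25:02.410 client @0x7f2a4c0e1c50 192.0.2.53#51877 (myzone): transfer of 'myzone/IN': AXFR started (serial 2024060101)
01-Jun-2024 14:25:02.415 client @0x7f2a4c0e1c50 192.0.2.53#51877 (myzone): transfer of 'myzone/IN': AXFR ended
01-Jun-2024 14:31:47.009 client 198.51.100.7#33210 (myzone): transfer of 'myzone/IN': IXFR started
01-Jun-2024 14:31:47.030 client 198.51.100.7#33210 (myzone): transfer of 'myzone/IN': IXFR ended
EOF
}

# transfer_report "ip1 ip2 ..." < logfile
# Prints "STATUS client zone/class type count" for every started transfer.
transfer_report() {
    awk -v allowed="$1" -v q="'" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    / transfer of / && / started/ {
        ip = ""; zone = ""; type = ""
        for (i = 1; i <= NF; i++) {
            # the client address is the first field shaped like addr#port
            if (ip == "" && $i ~ /#[0-9]+$/) { ip = $i; sub(/#[0-9]+$/, "", ip) }
            if ($i == "of") { zone = $(i + 1); gsub(q, "", zone); sub(/:$/, "", zone) }
            if ($i == "started" || $i == "started:") type = $(i - 1)
        }
        if (ip != "" && type != "") count[ip " " zone " " type]++
    }
    END {
        for (k in count) {
            split(k, p, " ")
            printf "%s %s %d\n", ((p[1] in ok) ? "EXPECTED" : "UNEXPECTED"), k, count[k]
        }
    }' | LC_ALL=C sort
}

sample_transfers_log | transfer_report "127.0.0.1 192.0.2.53"
```

On the lab machine, feed it the real file instead of the sample: transfer_report "127.0.0.1" < /var/log/bind/transfers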