> I turned query logging on on a test system and did a
> couple of queries and the log entry is what we need but it is
> also in the same log file as zone transfers and updates. On our
> busy DNS, I would like to capture the query logs, check them for
> the addresses of critical systems, and then discard them as this
> could be like filling up thimbles from a fire hose.

http://www.isc.org/sw/bind/arm94/Bv9ARM.ch06.html#id2574782

example:

logging {
        channel "query_logging" {
                file "logs/query_log" versions 3 size 1m;
                print-time yes;
        };
        category "queries" { "query_logging"; };
};
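
An added example, not part of the original thread: a streaming filter for the "check for critical systems, then discard" step, reading lines from the dedicated query channel above. It assumes the watched addresses are matched against the client address of each query and that lines follow the "client ADDR#PORT: query: NAME CLASS TYPE" layout; the script name and sample lines are constructed.

```python
import ipaddress
import re
import sys

# Matches query-log lines written with "print-time yes". The optional groups
# tolerate the "(name)" and "view X:" fields that some BIND versions add.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?:@\S+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+"
    r"(?: \([^)]*\))?:(?: view \S+:)? query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Constructed sample lines (documentation addresses, not from a real server).
SAMPLE_LOG = [
    "20-Sep-2007 10:23:45.123 client 192.0.2.10#53211: query: www.example.com IN A +",
    "20-Sep-2007 10:23:46.001 client 198.51.100.7#40000: query: mail.example.com IN MX +",
    "20-Sep-2007 10:23:47.500 client 2001:db8::5#5353: view internal: query: db.example.com IN AAAA -",
    "20-Sep-2007 10:23:48.000 client 192.0.2.10#53212: transfer of 'example.com/IN': AXFR started",
]


def watched_queries(lines, watched):
    """Yield (time, client, qname, qtype) for queries sent by watched clients.

    `watched` holds single addresses or CIDR networks, IPv4 or IPv6.
    Every other line is dropped, so nothing accumulates in memory.
    """
    nets = [ipaddress.ip_network(w, strict=False) for w in watched]
    for line in lines:
        m = QUERY_RE.match(line)
        if not m:
            continue  # not a query line (transfer, update, noise): discard
        try:
            client = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # address field did not parse: discard
        if any(client in net for net in nets):
            yield m.group("ts"), str(client), m.group("qname"), m.group("qtype")


if __name__ == "__main__":
    # Hypothetical usage:
    #   tail -F logs/query_log | python3 watch_queries.py 192.0.2.10 2001:db8::/64
    for hit in watched_queries(sys.stdin, sys.argv[1:]):
        print(*hit, flush=True)
```

With "versions 3 size 1m" on the channel, named rolls the file itself, so the filter only has to keep the matching lines.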
