Re: Fresh (non cached) dig

2009-01-02 Thread wes
If you're referring to your local system's cache, you can bypass this by
specifying a DNS server for dig to query. Use @dns.server.domain or
@4.2.2.2 (for example) for this.

If you're referring to the cache on the server you're trying to query,
sorry, that's beyond your control, unless you have root on that server.

-wes

On Fri, Jan 2, 2009 at 12:11 PM, Stephen Ward <
stephen.usenet.w...@wibblywobblyteapot.co.uk> wrote:

> For all my attempts to read the manual on DIG I can't find a way to do
> something really simple.
>
> Is there a way to dig a domain name so even if the results are in cache,
> it will ignore these and re-read them? It's really from a testing
> perspective I'm looking at this. I can mash the keyboard each time to try
> and get a better handle on the query time, but there has got to be an
> easy way to do this?
>
>
>
> --
> . . .
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: zone transfer problem

2009-01-02 Thread wes
On Fri, Jan 2, 2009 at 6:55 AM, Leonardo Rodrigues Magalhães <
leolis...@solutti.com.br> wrote:

>
>
> Sener ATAS escreveu:
>
>> Hi,
>>
>> I try to add slave dns server. But there is a problem about zone transfer.
>> If I don't edit manually slave server's named.conf file, zone files don't
>> transfer from master to slave.
>>
>> log file at slave dns is;
>>
>> 02-Jan-2009 16:40:03.226 notify: client 192.168.117.50#63516: received
>> notify for zone 'yyy.aaa.com': not authoritative
>>
>> 192.168.117.50 is my master DNS.
>> Both servers are FreeBSD with BIND 9.5.1
>>
>>
>   where's the problem !?!? This is the correct (and so the expected one)
> behavior of bind. There's no auto-configuration for slave zones. You'll have
> to, somehow, sync your configurations so slave servers can receive the new
> slave zones.
>
>   there's no problem at all, just a misunderstanding that bind should
> transfer all zones automatically.
>
>   this was discussed some days ago on the list ...
>
> https://lists.isc.org/pipermail/bind-users/2008-December/074290.html
>
>
>
> --
>

As per Michael's suggestion, I have used Webmin, and it works very well.
When I create a new zone on the master via Webmin, it now has a field asking
which slaves to create the zone on as well, which is automatically populated
with the slave Webmin server's IP.

-wes

Re: zone propagation

2008-12-24 Thread wes
For 20 servers, yes, I would totally do exactly that. But I only have 2 :)

If that's the solution, I'll just keep adding them manually.

Thanks for the info.

-wes

On Wed, Dec 24, 2008 at 1:39 PM, Jonathan Petersson
wrote:

> What I've done is that I maintain a "master-slave" zone on my master,
> if any new zones are manipulated I push out an updated config to my 20
> or so slave-servers, once pushed out I trigger a sudo script via ssh
> that reloads bind with the new config and voilà.
>
> /Jonathan
>
> On Wed, Dec 24, 2008 at 7:38 PM, wes  wrote:
> > On Wed, Dec 24, 2008 at 9:54 AM, Michael Varre  wrote:
> >>
> >> On 12/24/08, wes  wrote:
> >> > Can I configure a pair of bind9 servers, one master and one slave, so
> >> > that
> >> > when I create a new zone on the master, it is also created on the
> slave?
> >> >
> >> > I already have slaving of existing zones working well.
> >> >
> >> > thanks,
> >> > -wes
> >>
> >> I'm sure there are other ways but I use webmin to handle all of it for
> >> me. I used to do it all manually on the command line, logging into
> >> each server and manually adding new zones but webmin has cut the time
> >> it takes for me to make dns MACs down to about 10% of what it used to
> >> be.
> >
> > Interesting. I am using Webmin. I had to create each zone on the master
> and
> > slave servers, and set them up accordingly. Can you give me a small hint
> as
> > to where the magic flag is to configure Webmin for this?
> >
> > thanks,
> > -wes
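
Added example, not from the thread and not BIND or Webmin code: a sketch of the "keep the slave's named.conf in sync with the master" step described in the two threads above. It lists the zones that are `type master` on the master but have no `type slave` statement on the slave (the condition behind the "received notify ... not authoritative" log line) and renders the missing stanzas. The zone yyy.aaa.com and the master address 192.168.117.50 come from the thread; the sample configs, the other names and the `slave/` file path are assumptions.

```python
import ipaddress
import re

# Constructed configs. yyy.aaa.com and 192.168.117.50 are from the thread;
# every other zone, path and address is made up for this example.
MASTER_CONF = '''
options { directory "/var/named"; };
zone "yyy.aaa.com" {
    type master;
    file "master/yyy.aaa.com.db";
    allow-transfer { 192.168.117.51; };
};
zone "example.test" IN { type master; file "master/example.test.db"; };
zone "." { type hint; file "named.root"; };
'''
SLAVE_CONF = '''
zone "example.test" {
    type slave;
    masters { 192.168.117.50; };
    file "slave/example.test.db";
};
'''

ZONE_HEAD = re.compile(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.IGNORECASE)
# Only plain hostname characters may be written back into a config file.
SAFE_ZONE = re.compile(r"^(?=.{1,253}$)[a-z0-9_-]{1,63}(\.[a-z0-9_-]{1,63})*$")


def zones_of_type(conf, ztype):
    """Names of zones whose statement body contains `type <ztype>;`.

    Assumes the config has no comments and no braces inside quoted strings.
    """
    names = []
    for head in ZONE_HEAD.finditer(conf):
        depth, pos = 1, head.end()
        while pos < len(conf) and depth:  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[pos], 0)
            pos += 1
        body = conf[head.end():pos - 1]
        if re.search(r"\btype\s+" + re.escape(ztype) + r"\s*;", body):
            names.append(head.group(1).lower().rstrip("."))
    return names


def missing_on_slave(master_conf, slave_conf):
    """Master zones the slave has no statement for, in master order."""
    have = set(zones_of_type(slave_conf, "slave"))
    return [z for z in zones_of_type(master_conf, "master") if z not in have]


def slave_stanza(zone, master_ip):
    """One slave zone statement; rejects anything that could break out of it."""
    if not SAFE_ZONE.match(zone):
        raise ValueError("refusing to write unsafe zone name: %r" % zone)
    ip = str(ipaddress.ip_address(master_ip))  # ValueError if not an address
    # "slave/<zone>.db" is an assumed path; named must be able to write there.
    return ('zone "%s" {\n    type slave;\n    masters { %s; };\n'
            '    file "slave/%s.db";\n};\n' % (zone, ip, zone))


def render_missing(master_conf, slave_conf, master_ip):
    """Text to append to the slave's config for every zone it lacks."""
    return "".join(slave_stanza(z, master_ip)
                   for z in missing_on_slave(master_conf, slave_conf))


if __name__ == "__main__":
    print(render_missing(MASTER_CONF, SLAVE_CONF, "192.168.117.50"))
```

After the generated stanzas are added on the slave, `rndc reconfig` there loads the new zones without restarting named.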

Re: DNS Recognition

2008-12-24 Thread wes
>
> Some gTLD registrars (such as those for .net if memory serves correctly)
> require your nameservers to be registered in a server registry (I think
> OpenSRS or Tucows.)  Some registrars update/maintain these entries
> automatically, with others you have to request it.
>
> Andy


To clarify, all gTLD registrars require nameservers to be registered with
the registry. This is because the registrar is simply passing the requests
along to the registry, and the registry itself requires that any nameservers
in use on a domain must be registered first. To my knowledge, all gTLD
registries require this. I am positive about com/net/org, and almost certain
about biz/name/info. As for the ccTLDs all bets are off.

-wes

Re: DNS Recognition

2008-12-24 Thread wes
This is a tough one for all newbies. The problem here is that this
particular operation is not related at all to your DNS server. You need to
do this at your registrar.

The second biggest problem is that all registrars call it something
different. I went through this many times when I worked at Dotster, where
they call it "Register Name Server." I have also used GoDaddy, where they
call it "Manage Domain Hosts" or some nonsense.

You may have to consult your registrar's tech support.

-wes

On Wed, Dec 24, 2008 at 11:29 AM, eltiare  wrote:

> Hello all,
>
>  Got a total newb here to DNS. I've purchased the book DNS and BIND
> from O'Reilly, and most of it makes sense to me. However, there is one
> thing that has been bugging me, and it's that I can't figure out how
> for the life of me I am supposed to point registrars to my domain name
> server. The one with which I am registered only wants the _names_ of
> the DNS and not IP addresses, and I am confused as to how I am
> supposed to assign names (like ns1.my-domain.com) to my domain name
> servers. Even if you could get me pointed with some docs that would
> help me out, it would be appreciated. I've spent about a day looking
> for this information now.
>
> Jeremy Nicoll

Re: zone propagation

2008-12-24 Thread wes
On Wed, Dec 24, 2008 at 9:54 AM, Michael Varre  wrote:

>
> On 12/24/08, wes  wrote:
> > Can I configure a pair of bind9 servers, one master and one slave, so
> that
> > when I create a new zone on the master, it is also created on the slave?
> >
> > I already have slaving of existing zones working well.
> >
> > thanks,
> > -wes
>
> I'm sure there are other ways but I use webmin to handle all of it for
> me. I used to do it all manually on the command line, logging into
> each server and manually adding new zones but webmin has cut the time
> it takes for me to make dns MACs down to about 10% of what it used to
> be.
>

Interesting. I am using Webmin. I had to create each zone on the master and
slave servers, and set them up accordingly. Can you give me a small hint as
to where the magic flag is to configure Webmin for this?

thanks,
-wes

zone propagation

2008-12-24 Thread wes
Can I configure a pair of bind9 servers, one master and one slave, so that
when I create a new zone on the master, it is also created on the slave?

I already have slaving of existing zones working well.

thanks,
-wes

dynamic updates

2008-12-23 Thread wes
Would a dynamically created A record override an explicitly established one
in the zone file?

If so, can I deny dynamic updates for specific hostnames? I would like to
allow my Windows computers to dynamically update their names, but I don't
want to have a situation where a computer named "www" does a dynamic update
and updates www.[domain].com and breaks my website.

thanks,
-wes

Re: Stuck glue records in the GTLD servers??

2008-12-16 Thread wes
If it were just a matter of the domain's authoritative name servers, you
would be correct. But in order to use those name servers for other domains,
the registrar has to submit them to the registry as HOST records. This is
separate and unrelated to the nameserver settings on the domain itself, and
does not appear at all in the zone file for that domain.

-wes

On Mon, Dec 15, 2008 at 4:22 PM, Milo Hyson  wrote:

> Thanks for the tip. I've asked those with the proper authority to verify
> the registrar's records.
> I must admit that I find it unusual that this needs to be done. In my
> experience, the glue records automatically change when a domain's name
> servers are altered. However, I have never worked with this particular
> registrar before, so perhaps they do things differently. Regardless, thanks
> again. :)
>
> --
>
> *Milo Hyson*
>
> Chief Scientist
>
> CyberLife Labs
>
>
> On Dec 15, 2008, at 16:05, Mark Andrews wrote:
>
>
> You need to contact the registrar for netdentalcare.com and
> update the HOST record for ns.netdentalcare.com to have the
> new address record.  This changes what GLUE is published
> in the COM zone.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
>
>
>

Re: logging query results

2008-12-02 Thread wes
On Tue, Dec 2, 2008 at 4:28 PM, Kevin Darcy <[EMAIL PROTECTED]> wrote:

> Bill Larson wrote:
>
>> JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> said:
>>
>>
>>
>>> At Fri, 28 Nov 2008 10:08:34 -0800,
>>> wes <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>
>>>> I would like to know if it's possible to log the output of each dns
>>>> query.
>>>>
>>>>
>>> Do you mean the response to each query by "output"?
>>>
>>> If so, there's currently no such log messages regardless of log level.
>>>
>>> We may implement it in the future as we discussed in a different thread:
>>> https://lists.isc.org/pipermail/bind-users/2008-December/073981.html
>>>
>>>
>>
>> Is anyone besides myself beginning to feel that too MUCH functionality is
>> being built into BIND?  Will the next request be to put out the cat before
>> bedtime?
>>
>> I'm concerned that BIND is being made too complex, with the associated
>> security issues of any complex system.  Sendmail is a perfect example of
>> this.  It tried to do everything with the resulting "bug of the month"
>> outcome.
>>
>> Query logging is a great idea, but OARC has already produced a very
>> functional "dnscap" which will capture all DNS traffic, queries and
>> responses, incoming and outgoing.  Maybe this type of logging functionality
>> could be better relegated to a third party tool such as "dnscap" rather than
>> being built directly into BIND.
>>
>> Adding functionality for the purpose of better operations is one
>> thing.  Including the capability of performing zone transfers inside BIND
>> was a great addition rather than having a separate "named-xfer" tool.  This
>> made running in a chroot environment much simpler, easier, and secure.  This
>> is "good" additional functionality.
>>
>> Additional functionality, such as adding additional query logging
>> capabilities that aren't critical to the operation of the basic system,
>> simply increase complexity with the inherent decrease in security that makes
>> this type of addition a drawback.
>>
>> Please, keep BIND as simple as possible (but not simpler).  Leave
>> additional capabilities to separate tools such as "dnscap".
>>
>>
>>
> Bill,
> While I appreciate the work that's gone into dnscap (which I use), looking
> at the big picture, does it really make sense to have a *separate* tool,
> just for the purpose of dumping the contents of DNS packets coming into, or
> leaving, a particular instance of named, in a human-readable form? From the
> standpoint of efficiency, named already has intimate details about the
> contents of every packet it processes, all that remains is that it render
> those contents into a human-readable form into a logfile.
>
> If dnscap is run outside of named, however, it needs to capture the packets
> in wire-format from the raw device -- requiring, usually, superuser
> privileges, which opens up some security issues -- and then parse those
> packets from scratch, using much of the same logic, the same algorithms,
> that named itself uses. Seems like a duplication of effort to me, and named
> can do this processing _unprivileged_, if configured and/or invoked that
> way, thus allaying your security concerns.
>
> dnscap certainly has its place as a sophisticated capture utility on a
> third-party client (i.e. neither the initiator nor the responder), or on
> either end, where something other than BIND, with inferior logging
> capabilities, is being used. But if the initiator and/or responder are BIND,
> why not leverage all of the algorithms, cpu cycles, etc. that are already
> being brought to bear by named to parse the contents of DNS packets? Yes,
> it's that dread buzzword "synergy"; I think we have some here.
>
> Then again, maybe the best of both worlds can be obtained by having a way
> for named to simply feed raw packet contents to some external program, which
> could be dnscap or something else. That external program could then
> filter/format the packets any way it sees fit...
>
> - Kevin
>
>
I see no reason we can't have it both ways. There are 4 main concerns that I
see being brought up:

1) Performance
2) Security
3) Code clutter
4) Redundancy/Duplication of effort/Reinventing the wheel

My thoughts:

1) Performance should not be an issue if it is implemented correctly. This
means making the debugging statements optional, and even perhaps offering a
flag to remove them entirely at compile t

Re: logging query results

2008-12-02 Thread wes
On Tue, Dec 2, 2008 at 2:09 PM, JINMEI Tatuya / 神明達哉
<[EMAIL PROTECTED]> wrote:

> At Fri, 28 Nov 2008 10:08:34 -0800,
> wes <[EMAIL PROTECTED]> wrote:
>
> > I would like to know if it's possible to log the output of each dns
> query.
>
> Do you mean the response to each query by "output"?
>
> If so, there's currently no such log messages regardless of log level.
>
> We may implement it in the future as we discussed in a different thread:
> https://lists.isc.org/pipermail/bind-users/2008-December/073981.html
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
>

Yes, I'm referring to the query response. That answers my question. thanks!

-wes

Re: logging query results

2008-12-01 Thread wes
On Mon, Dec 1, 2008 at 12:32 PM, Jeremy C. Reed <[EMAIL PROTECTED]> wrote:

> On Mon, 1 Dec 2008, wes wrote:
>
> > The result I'm looking for is "10.1.1.44" and this string does not
> appear in
> > any of the logs at all.
>
> Search for 10.in-addr.arpa. instead.
>

Ok, I did that, but it only appears to return PTR record queries (to which I
still don't get the results)

Thanks for the idea, but I am still searching.

-wes

Re: logging query results

2008-12-01 Thread wes
I am still having this issue. Here is my current configuration:

logging {
channel log {
   file "/var/log/named/named.log"
versions 10
size 100m;
   severity debug ;
   print-time yes;
   print-severity yes;
   print-category yes;
};
category default {
log;
};
category queries {
log;
};
};

looks like I haven't changed anything since posting last. I can't imagine
what I could though.

And here is a sample transaction from today:

01-Dec-2008 11:01:14.952 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.952 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.952 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN A +
01-Dec-2008 11:01:14.952 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/A/IN' approved
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.952 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: endrequest
01-Dec-2008 11:01:14.953 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.953 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.953 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN  +
01-Dec-2008 11:01:14.953 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com//IN' approved
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.953 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: endrequest
01-Dec-2008 11:01:14.954 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.954 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.954 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN MX +
01-Dec-2008 11:01:14.954 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/MX/IN' approved
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.954 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: endrequest

The result I'm looking for is "10.1.1.44" and this string does not appear in
any of the logs at all.

Anyone have any other ideas?

thanks,
-wes

On Fri, Nov 28, 2008 at 11:28 AM, wes <[EMAIL PROTECTED]> wrote:

> thanks for the info. I do indeed see tons and tons of messages from named.
> I even see the query itself (what people are asking for). Just not the
> result. It seems like I get everything except the result.
>
> -wes
>
>
> On Fri, Nov 28, 2008 at 10:56 AM, ivan jr sy <[EMAIL PRO
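
Added example, not part of the original thread and not BIND code: a parser for the `queries` category lines in the log format posted above. It rejoins the lines the mail client wrapped, skips the debug chatter, and counts which names and record types were asked for and by whom. It assumes the BIND 9.5-era line layout shown in the post; the 127.0.0.1 lines are taken from the post and the 192.0.2.x lines are constructed. A query line whose record type is missing, as in some of the posted lines, is kept with the type set to `None`.

```python
import re
from collections import Counter

# Lines hard-wrapped the way they appear in the post. The 127.0.0.1 lines are
# copied from the post; the 192.0.2.x lines are constructed for this example.
SAMPLE_LOG = """\
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.952 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN A +
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/A/IN' approved
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.953 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN  +
01-Dec-2008 11:01:14.954 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN MX +
01-Dec-2008 11:02:03.118 queries: info: client 192.0.2.7#40112: query: intranet.example.test IN A +
01-Dec-2008 11:02:09.560 queries: info: client 192.0.2.9#51877: query: Intranet.example.test IN A +
"""

# A record starts with the print-time stamp; anything else is a wrapped tail.
RECORD_START = re.compile(r"^\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} ")
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<category>[\w-]+): "
    r"(?P<severity>debug \d+|info|notice|warning|error|critical): (?P<msg>.*)$"
)
QUERY = re.compile(
    r"^client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): query:\s*(?P<rest>.*)$"
)


def unwrap(text):
    """Rejoin continuation lines so that each list item is one log record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line.rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def parse_queries(text):
    """Return one dict per 'queries' category record, in log order."""
    parsed = []
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m or m["category"] != "queries":
            continue
        q = QUERY.match(m["msg"])
        if not q:
            continue
        tokens = q["rest"].split()
        if len(tokens) == 4:
            name, qclass, qtype, flags = tokens
        elif len(tokens) == 3:          # record type missing from the line
            (name, qclass, flags), qtype = tokens, None
        else:
            continue
        parsed.append({"ts": m["ts"], "client": q["ip"], "name": name.lower(),
                       "qclass": qclass, "qtype": qtype, "flags": flags})
    return parsed


def summarize(text):
    """Count queries per (name, type); names are compared case-insensitively."""
    return Counter((q["name"], q["qtype"]) for q in parse_queries(text))


if __name__ == "__main__":
    for (name, qtype), count in summarize(SAMPLE_LOG).most_common():
        print(count, name, qtype or "(type missing)")
```

The output says what was asked and by whom; the answer or response code is not in this log, as the thread establishes, so it has to come from a packet capture such as the dnscap or tcpdump approaches mentioned in the thread.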

Re: logging query results

2008-11-28 Thread wes
Good point, I had only used rndc reload to activate the changes to the conf
file. The changes definitely took effect at that point, as I could then see
all the debug messages in the log. But, I tried a stop && start (had to use
/etc/init.d/bind9 because rndc doesn't have a start command for some reason)
and I get the same behavior. Here is a sample output from 1 entire
transaction. This was generated after running "host www.solestruck.com localhost"

# grep 127.0.0.1#32999 named.log
28-Nov-2008 11:48:53.063 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.063 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.063 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.063 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.063 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.063 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.064 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN A +
28-Nov-2008 11:48:53.064 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.064 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/A/IN' approved
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.064 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: endrequest
28-Nov-2008 11:48:53.065 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.065 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.065 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN  +
28-Nov-2008 11:48:53.065 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com//IN' approved
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.065 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: endrequest
28-Nov-2008 11:48:53.066 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.066 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.066 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN MX +
28-Nov-2008 11:48:53.066 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/MX/IN' approved
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.066 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: endrequest

thanks for the pointer. Any other ideas?

-wes

On Fri, Nov 28, 2008 at 10:31 AM, Ben Croswell <[EMAIL PROTECTED]> wrote:

> If you didn't actually do a stop and start, you may want to do that or an
> rndc query to kickstart the query logs.
>
>
> On Fri, Nov 28, 2008 at 1:08 PM, wes <[EMAIL PROTECTED]> wrote:
>
>> I would like to know if it's possible to log the output of each dns query.
>> I'd like to do this to catch failed queries so I can see what people are
>> looking for, and not finding, and add it fo

Re: logging query results

2008-11-28 Thread wes
That seems interesting. I will look into that if I can't get bind's built-in
logging system to do what I want.

thanks,
-wes

On Fri, Nov 28, 2008 at 11:23 AM, ivan jr sy <[EMAIL PROTECTED]> wrote:

>
> and why not use..
> https://www.dns-oarc.net/tools/dnscap
>
> dnscap -m q -e y -c 100 -w /path/file
>
> captures:
> - queries only
> - errors only
> - after 100 packets where conditions are met
> - write it to a file..
>
>
> Enjoy!
>
> --- On Sat, 11/29/08, ivan jr sy <[EMAIL PROTECTED]> wrote:
>
> > From: ivan jr sy <[EMAIL PROTECTED]>
> > Subject: Re: logging query results
> > To: bind-users@lists.isc.org, "wes" <[EMAIL PROTECTED]>
> > Date: Saturday, November 29, 2008, 7:56 AM
> > looks like an OK config for me.
> > - you should be able to view the name being queried and
> > from what source IP
> > - debug10 = view the actual query (similar to dig)
> > so you can grep the NXDOMAIN or the ANSWER
> >
> > are you able to view the log file? did it log the start-up
> > processes of BIND? you should be able to see tons and tons
> > of log messages even just on startup of named.
> >
> > note that logging queries will significantly impact the
> > query response rate of the server. it's a no-no for
> > production. on the other hand, your tcpdump script sounds
> > elegant...
> >
> >
> > --- On Sat, 11/29/08, wes <[EMAIL PROTECTED]> wrote:
> >
> > > From: wes <[EMAIL PROTECTED]>
> > > Subject: logging query results
> > > To: bind-users@lists.isc.org
> > > Date: Saturday, November 29, 2008, 7:08 AM
> > > I would like to know if it's possible to log the
> > output
> > > of each dns query.
> > > I'd like to do this to catch failed queries so I
> > can
> > > see what people are
> > > looking for, and not finding, and add it for them if
> > it
> > > should be there. I
> > > recently lost my old dns server so I have to start
> > from
> > > scratch.
> > >
> > > This is my current logging configuration:
> > >
> > > logging {
> > > channel log {
> > >    file "/var/log/named/named.log"
> > > versions 10
> > > size 100m;
> > >    severity debug ;
> > >    print-time yes;
> > >    print-severity yes;
> > >    print-category yes;
> > > };
> > > category default { log; };
> > > category queries { log; };
> > > };
> > >
> > > as far as I can tell, this is set up to log everything
> > > ever. but, I still
> > > don't get the actual query result in the log. Is
> > there
> > > a way to do this?
> > >
> > > If not, that's ok, I'll set up a tcpdump
> > script to
> > > do it. but I thought I
> > > would make sure there isn't a built-in method in
> > bind
> > > first.
> > >
> > > thanks for any advice.
> > >
> > > -wes

Re: logging query results

2008-11-28 Thread wes
thanks for the info. I do indeed see tons and tons of messages from named. I
even see the query itself (what people are asking for). Just not the result.
It seems like I get everything except the result.

-wes

On Fri, Nov 28, 2008 at 10:56 AM, ivan jr sy <[EMAIL PROTECTED]> wrote:

> looks like an OK config for me.
> - you should be able to view the name being queried and from what source IP
> - debug10 = view the actual query (similar to dig)
> so you can grep the NXDOMAIN or the ANSWER
>
> are you able to view the log file? did it log the start-up processes of
> BIND? you should be able to see tons and tons of log messages even just on
> startup of named.
>
> note that logging queries will significantly impact the query response rate
> of the server. it's a no-no for production. on the other hand, your tcpdump
> script sounds elegant...
>
>
> --- On Sat, 11/29/08, wes <[EMAIL PROTECTED]> wrote:
>
> > From: wes <[EMAIL PROTECTED]>
> > Subject: logging query results
> > To: bind-users@lists.isc.org
> > Date: Saturday, November 29, 2008, 7:08 AM
> > I would like to know if it's possible to log the output
> > of each dns query.
> > I'd like to do this to catch failed queries so I can
> > see what people are
> > looking for, and not finding, and add it for them if it
> > should be there. I
> > recently lost my old dns server so I have to start from
> > scratch.
> >
> > This is my current logging configuration:
> >
> > logging {
> > channel log {
> >    file "/var/log/named/named.log"
> > versions 10
> > size 100m;
> >    severity debug ;
> >    print-time yes;
> >    print-severity yes;
> >    print-category yes;
> > };
> > category default { log; };
> > category queries { log; };
> > };
> >
> > as far as I can tell, this is set up to log everything
> > ever. but, I still
> > don't get the actual query result in the log. Is there
> > a way to do this?
> >
> > If not, that's ok, I'll set up a tcpdump script to
> > do it. but I thought I
> > would make sure there isn't a built-in method in bind
> > first.
> >
> > thanks for any advice.
> >
> > -wes

logging query results

2008-11-28 Thread wes
I would like to know if it's possible to log the output of each dns query.
I'd like to do this to catch failed queries so I can see what people are
looking for, and not finding, and add it for them if it should be there. I
recently lost my old dns server so I have to start from scratch.

This is my current logging configuration:

logging {
channel log {
   file "/var/log/named/named.log"
versions 10
size 100m;
   severity debug ;
   print-time yes;
   print-severity yes;
   print-category yes;
};
category default { log; };
category queries { log; };
};

as far as I can tell, this is set up to log everything ever. but, I still
don't get the actual query result in the log. Is there a way to do this?

If not, that's ok, I'll set up a tcpdump script to do it. but I thought I
would make sure there isn't a built-in method in bind first.

thanks for any advice.

-wes