Bind 9 query logging
Sorry, I should have been a bit more specific. In reference to the O'Reilly book: DNS and BIND by Paul Albitz and Cricket Liu (4th Edition), pg. 163 - 173 (specifically pg. 164, paragraph 4) and pg. 405 - 421 (info about using the debug options).

The web sites I looked at were:

    http://www.bind9.net/manuals
    http://www.zytrax.com/books/dns

So reading your response, the current version of Bind (9.6 I think) does not have the ability to log the responses.

O Reilly DNS and Bind Paul Albitz Cricket Liu

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind 9 query logging
On Fri, 30 Jan 2009, Robert Coward wrote:

> Sorry, I should have been a bit more specific. In reference to the O'Reilly book: DNS and BIND by Paul Albitz and Cricket Liu (4th Edition), pg. 163 - 173 (specifically pg. 164, paragraph 4) and pg. 405 - 421 (info about using the debug options).
> The web sites I looked at were: http://www.bind9.net/manuals and http://www.zytrax.com/books/dns
> So reading your response, the current version of Bind (9.6 I think) does not have the ability to log the responses.
> O Reilly DNS and Bind Paul Albitz Cricket Liu

Using 9.6.0-P1, I enabled the querylogs option like this:

    channel querylogs {
        file "/var/log/dnsqueries" size 20m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category queries { querylogs; };

and it generated a quite large log file, so I wrote a rather inefficient bash script to distill it down to a more readable format and end up with this little query report:

                 Total      A     NS     MX    TXT    PTR    SOA    SPF
    External       740    310      1    353      2      0     73      0
    Internal     33504  23758   1545   1222   5533   1445      0      0
    Totals       34244  24068   1546   1575   5535   1445     73      0

    Other packets: (if any not detailed)
    01-Feb-2009 13:34:27.796 queries: info: client 64.246.42.203#40986: view external: query: maplepark.com IN IXFR -
    02-Feb-2009 11:32:54.799 queries: info: client 192.168.102.95#53722: view internal: query: _ldap._tcp.dc._msdcs.maplepark.com IN SRV +

    DDoS ( . IN NS) attacks follow: (if any)

(Note: I don't get any of these anymore as I have them dropped at the firewall. They amount to about 1000 per day, and demanded some sort of attention to make my logs readable.)

The script via cron runs daily, mailing the output, and it serves my purposes for a very small office network.

--
David Forrest
St. Louis, Missouri
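As an added example (not David's bash script, which is not shown in the thread), here is a Python version of the distillation step: it parses the 9.6-era query-log line format quoted above, with or without the "view" field, tallies the same columns per view, and keeps the root ". IN NS" queries aside per source so they can be reviewed or blocked at the firewall as David describes. The sample log lines are constructed after the thread's own excerpts, and the regular expression is fitted to the lines on this page rather than taken from BIND's documentation.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on this thread: lines with a "view <name>:" field (David's config) and one without it (the original poster's); the last line is noise.
SAMPLE_LOG = """\
01-Feb-2009 13:34:27.796 queries: info: client 64.246.42.203#40986: view external: query: maplepark.com IN IXFR -
02-Feb-2009 11:32:54.799 queries: info: client 192.168.102.95#53722: view internal: query: _ldap._tcp.dc._msdcs.maplepark.com IN SRV +
02-Feb-2009 11:33:01.004 queries: info: client 192.168.102.95#53723: view internal: query: www.example.com IN A +ED
02-Feb-2009 11:33:02.118 queries: info: client 203.0.113.7#1234: view external: query: . IN NS +
02-Feb-2009 11:33:03.009 queries: info: client 198.51.100.9#40001: view external: query: www.example.net IN A +
29-Jan-2009 14:15:00.666 queries: info: client 192.0.2.10#56766: query: 49.105.135.67.in-addr.arpa IN PTR +
this line is not a query-log record
"""
COLUMNS = ["A", "NS", "MX", "TXT", "PTR", "SOA", "SPF"]  # the columns of the report above
# Field layout of the "queries" category lines quoted in this thread (an assumption); "view" is optional.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) queries: info: client (?P<ip>[^#\s]+)#(?P<port>\d+): "
    r"(?:view (?P<view>[^:\s]+): )?query: (?P<name>\S+) IN (?P<qtype>\S+)(?: (?P<flags>\S+))?$")

def parse_line(line):
    m = QUERY_RE.match(line.strip())  # None for anything that is not a query record
    return m.groupdict() if m else None

def summarize(text):
    counts = defaultdict(Counter)  # view -> Counter of qtype and "Total"
    root_ns, other, unparsed = Counter(), [], 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["name"] == "." and rec["qtype"] == "NS":
            root_ns[rec["ip"]] += 1  # root-NS floods, tallied per source instead of per view
        elif rec["qtype"] in COLUMNS:
            view = rec["view"] or "default"  # no "view" field when named runs without views
            counts[view][rec["qtype"]] += 1
            counts[view]["Total"] += 1
        else:
            other.append(line.strip())  # IXFR, SRV, ... listed verbatim as "Other packets"
    return {"counts": counts, "root_ns": root_ns, "other": other, "unparsed": unparsed}

def format_report(summary):
    header = ["Total"] + COLUMNS
    totals, rows = Counter(), ["".ljust(10) + "".join(h.rjust(7) for h in header)]
    for view in sorted(summary["counts"]):
        c = summary["counts"][view]
        totals.update(c)
        rows.append(view.ljust(10) + "".join(str(c[h]).rjust(7) for h in header))
    rows.append("Totals".ljust(10) + "".join(str(totals[h]).rjust(7) for h in header))
    rows.append("Other packets: %d, root NS queries: %d from %d source(s), unparsed: %d" % (len(summary["other"]), sum(summary["root_ns"].values()), len(summary["root_ns"]), summary["unparsed"]))
    return "\n".join(rows)
```

Run `print(format_report(summarize(open("/var/log/dnsqueries").read())))` against a real file to get the same table shape as the report above; lines that do not match the expected layout are counted rather than silently dropped.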
Bind 9 query logging
I am trying to configure query logging on bind 9. Currently I have the following in my configuration file:

    logging {
        channel warning_log {
            file "/var/adm/dns-logs/dns_warnings.log" versions 7 size 2G;
            severity warning;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel query_log {
            file "/var/adm/dns-logs/dns_query.log" versions 7 size 2G;
            severity debug 3;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category default { warning_log; };
        category queries { query_log; };
        category lame-servers { null; };
        category security { null; };
        category unmatched { null; };
    };

According to the O'Reilly book DNS and BIND (4th Edition) and the Bind 9 web docs, the configuration above should log both the requested query and the response. Currently all I get back is the query:

    29-Jan-2009 14:15:00.666 queries: info: client xxx.xxx.xxx.xxx#56766: query: 49.105.135.67.in-addr.arpa IN PTR +
    29-Jan-2009 14:15:00.730 queries: info: client xxx.xxx.xxx.xxx#45016: query: m1.search.yahoo-ht3.akadns.net IN A +ED
    29-Jan-2009 14:15:00.821 queries: info: client xxx.xxx.xxx.xxx#48060: query: liveupdate.symantec.d4p.net IN A +ED
    29-Jan-2009 14:15:00.882 queries: info: client xxx.xxx.xxx.xxx#62480: query: businessweek.112.2o7.net IN A +ED
    29-Jan-2009 14:15:00.891 queries: info: client xxx.xxx.xxx.xxx#22652: query: a973.g.akamai.net IN A +ED
    29-Jan-2009 14:15:00.900 queries: info: client xxx.xxx.xxx.xxx#49831: query: stats.surfaid.ihost.com IN A +ED
    29-Jan-2009 14:15:00.924 queries: info: client xxx.xxx.xxx.xxx#5606: query: www.pic2009.org IN A +ED
    29-Jan-2009 14:15:00.936 queries: info: client xxx.xxx.xxx.xxx#51641: query: www.yopoll.com IN A +ED
    29-Jan-2009 14:15:00.946 queries: info: client xxx.xxx.xxx.xxx#6002: query: 174.162.127.222.in-addr.arpa IN PTR +ED

Even when I start bind using the -d option I do not get what I want. Can someone help me out?

C
Re: Bind 9 query logging
At Thu, 29 Jan 2009 14:33:31 -0500, cod3fr3ak <rvc.pobox+unixli...@gmail.com> wrote:

>     channel query_log {
>         file "/var/adm/dns-logs/dns_query.log" versions 7 size 2G;
>         severity debug 3;
>         print-category yes;
>         print-severity yes;
>         print-time yes;
>     };
>
> According to the O'Reilly book DNS and BIND (4th Edition) and the Bind 9 web docs, the configuration above should log both the requested query and the response. Currently all I get back is the query:

What exactly do you mean by 'BIND 9 web doc', and which specific part of it are you referring to? Whatever the docs or books say, the fact is that BIND9 doesn't log replies.

BTW, next version(s) of BIND9 (at least 9.7, perhaps next minor versions of current releases) will have the ability to log query errors, which include logs about responses indicating an error (such as NXDOMAINs or SERVFAILs). So, if you're particularly interested in such unusual responses, you'll probably be happy with that.

We previously discussed in this mailing list whether we want to have the ability of logging any responses. Opinions varied: some said that would be great, others said don't complicate the implementation any more, and let packet capture tools do the job. I see the point of both sides, and at the moment we're simply keeping the current behavior (i.e., not logging responses).

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.