File dns-bind-logging-lab1.txt, 3.2 KB (added by admin, 5 years ago)
BIND LOGGING
------------

By default, logs from named are sent to /var/log/messages via syslog.

Let's make BIND log in a more detailed fashion, with one log file per
kind of event.

On AUTH1 (auth1.grpX - and if running BIND on your resolver, on resolv.grpX
as well):
1. Create the log directory:

        $ sudo mkdir -p /etc/namedb/log
        $ sudo chown bind /etc/namedb/log

   named runs as the "bind" user, so it must own (or at least be able to
   write to) this directory; otherwise no log file will ever be created.

2. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
   done so:

        $ sudo ee /etc/rc.conf

named_chrootdir=""
named_enable="YES"

        Save the file and exit.

   Note: named_chrootdir="" switches the chroot off (the FreeBSD rc script
   would otherwise chroot named into /var/named), so the absolute paths
   used in named.conf below refer to the real filesystem. If you keep the
   chroot, the log directory has to be created underneath it and the file
   paths in the logging section are interpreted relative to the chroot.
3. Edit /etc/namedb/named.conf

If it is still there, find and *REMOVE* the "listen-on" line (in the
"options" section):

options {
    ...
    listen-on       { 127.0.0.1; };             // <- remove this line!
    ...
};

The stock named.conf ships with this line so that named only answers on
the loopback address. With it removed, named listens on all of the host's
IPv4 addresses, which is what an authoritative server needs.

Now move to the bottom (end) of the file, and create the "logging section":

// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -

logging {
        // Channels: where messages go (one rotating file per channel,
        // 3 or 5 generations of at most 10 MB each, with timestamps)

        channel transfers {
            file "/etc/namedb/log/transfers" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel notify {
            file "/etc/namedb/log/notify" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel dnssec {
            file "/etc/namedb/log/dnssec" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel query {
            file "/etc/namedb/log/query" versions 5 size 10M;
            print-time yes;
            severity info;
        };
        channel general {
            file "/etc/namedb/log/general" versions 3 size 10M;
            print-time yes;
            severity info;
        };

        // Categories: which kind of message goes to which channel

        category xfer-out { transfers; };
        category xfer-in { transfers; };
        category notify { notify; };

        category lame-servers { general; };
        category config { general; };
        category default { general; };
        category security { general; };
        category dnssec { dnssec; };

        // category queries { query; };

};

// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -

89
90Save and exit the file, and TEST that it works:
91
92        $ sudo named-checkconf /etc/namedb/named.conf
93
94Note that the "queries" category is commented out. This is on purpose as this
95log file on many servers could become very large quickly.
96
974. Now reconfig or restart bind:
98
99   $ sudo rndc reconfig
100
101        - Look into /etc/namedb/log/, and see if the files get created.
102
103        If it doesn't work, try:
104
105        - check permissions for /etc/namedb/log
106        - restarting named (service named restart)
107
108    Note: it is required for query logging for BIND to be restarted.
109
5. Do a zone transfer of your own domain:

        $ dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
        ...

        - Verify that the transfer shows up in /etc/namedb/log/transfers:

17-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR started
17-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR ended

        Each transfer is logged with the client address and port, so this
        file tells you who is copying your zone. Transfers that are refused
        by an "allow-transfer" ACL are logged under the "security" category
        instead, which in this configuration ends up in
        /etc/namedb/log/general.
6. Update the serial number on your master zone file:

        $ sudo vi /etc/namedb/master/MYTLD

        Increment Serial by 1 then save the zone file.

        $ sudo rndc reload MYTLD

        In the notify log file there should be a line that looks something
        like this:

        $ cat /etc/namedb/log/notify

22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)

        If no such line appears, the usual cause is that the serial was not
        actually increased (or the zone file failed to load; check
        /etc/namedb/log/general for the error).
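The two log excerpts above are exactly what you would watch on a production server. As an added example (this is not part of the NSRC lab and not BIND's own tooling), the following Python script parses the "transfers" and "notify" channel files in the format shown in steps 5 and 6 (BIND with "print-time yes"; newer BIND releases add more detail to the client prefix, which this parser does not try to handle), flags zone transfers served to clients outside an assumed allow-transfer list, flags transfers that started but never ended, and checks that the serials announced in notifies keep increasing. The sample log lines, the ALLOWED networks and the function names are all constructed for the example.

```python
"""Audit the per-channel BIND logs created in this lab.

Added example, not part of the lab. Assumes the log line formats shown in
steps 5 and 6 ("print-time yes"). Sample data below is constructed.
"""
import re
from ipaddress import ip_address, ip_network

TS = r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
TRANSFER_RE = re.compile(
    TS + r" client (?P<ip>[^#\s]+)#(?P<port>\d+): transfer of "
    r"'(?P<zone>[^']+)': (?P<kind>AXFR-style IXFR|AXFR|IXFR) (?P<event>started|ended)"
)
NOTIFY_RE = re.compile(
    TS + r" zone (?P<zone>\S+): sending notifies \(serial (?P<serial>\d+)\)"
)


def parse_transfer(line):
    """Return a dict for one transfers-channel line, or None if it does not match."""
    m = TRANSFER_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec


def parse_notify(line):
    """Return a dict for one notify-channel line, or None if it does not match."""
    m = NOTIFY_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["serial"] = int(rec["serial"])
    return rec


def audit_transfers(lines, allowed):
    """Flag zone transfers served to clients outside the allowed networks.

    'allowed' is a list of CIDR strings; in practice it should mirror the
    allow-transfer ACL in named.conf (assumed here, not read from it).
    Also reports transfers that 'started' but never 'ended' in the log.
    """
    nets = [ip_network(n) for n in allowed]
    findings = []
    open_xfers = {}
    for line in lines:
        rec = parse_transfer(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["port"], rec["zone"])
        if rec["event"] == "started":
            open_xfers[key] = rec
            if not any(ip_address(rec["ip"]) in n for n in nets):
                findings.append(f"{rec['ts']} {rec['kind']} of {rec['zone']} served to "
                                f"unexpected client {rec['ip']}")
        else:
            open_xfers.pop(key, None)
    for rec in open_xfers.values():
        findings.append(f"{rec['ts']} {rec['kind']} of {rec['zone']} from {rec['ip']} "
                        "started but never ended")
    return findings


def check_notify_serials(lines):
    """Return serials announced per zone, plus any step that did not increase.

    A repeated or backwards serial means secondaries will not transfer the
    new zone, which is exactly what step 6 is meant to exercise.
    """
    serials = {}
    problems = []
    for line in lines:
        rec = parse_notify(line)
        if rec is None:
            continue
        seen = serials.setdefault(rec["zone"], [])
        if seen and rec["serial"] <= seen[-1]:
            problems.append(f"{rec['ts']} zone {rec['zone']}: serial {rec['serial']} "
                            f"not greater than previous {seen[-1]}")
        seen.append(rec["serial"])
    return serials, problems


# Constructed sample lines, modelled on the two excerpts in this lab.
SAMPLE_TRANSFERS = [
    "17-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR started",
    "17-Feb-2011 11:18:15.331 client 127.0.0.1#61235: transfer of 'MYTLD/IN': AXFR ended",
    "17-Feb-2011 11:20:02.104 client 198.51.100.7#4123: transfer of 'MYTLD/IN': AXFR started",
    "17-Feb-2011 11:20:02.109 client 198.51.100.7#4123: transfer of 'MYTLD/IN': AXFR ended",
    "17-Feb-2011 11:25:40.002 client 203.0.113.45#5001: transfer of 'MYTLD/IN': AXFR started",
]
SAMPLE_NOTIFY = [
    "22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)",
    "22-Feb-2012 23:50:01.120 zone MYTLD/IN: sending notifies (serial 2012022307)",
    "22-Feb-2012 23:55:12.990 zone MYTLD/IN: sending notifies (serial 2012022307)",
]
ALLOWED = ["127.0.0.0/8", "198.51.100.0/24"]  # assumed allow-transfer ACL

if __name__ == "__main__":
    for finding in audit_transfers(SAMPLE_TRANSFERS, ALLOWED):
        print("TRANSFER:", finding)
    announced, issues = check_notify_serials(SAMPLE_NOTIFY)
    print("serials announced:", announced)
    for issue in issues:
        print("NOTIFY:", issue)
```

Run it against the real files with `python3 audit.py < /dev/null` after replacing the SAMPLE_* lists with `open("/etc/namedb/log/transfers")` and `open("/etc/namedb/log/notify")`; the transfer findings are the ones worth alerting on, since an AXFR from an address that is not one of your secondaries means your zone contents were just copied by someone else.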