Track3Sec: 1.7_dns-bind-logging.txt

File 1.7_dns-bind-logging.txt, 3.6 KB (added by Fakrul Alam, 6 years ago)
BIND LOGGING
------------

By default, logs from named are sent to /var/log/messages via syslog.

Let's make BIND log in a more detailed fashion: one file per kind of event,
so that transfers, notifies, DNSSEC and (optionally) queries can be watched
and rotated separately.

On AUTH1 (auth1.grpX):

1. Create the log directory:

        # mkdir -p /etc/namedb/log
        # chown bind /etc/namedb/log

2. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
   done so:

        # ee /etc/rc.conf

named_chrootdir=""
named_enable="YES"

        Save the file and exit.

        Note: named_chrootdir="" runs named without a chroot, so the paths
        used in this exercise are real filesystem paths. If you keep a
        chroot on a production server, create the log directory inside the
        chroot (writable by the bind user) instead.


3. Edit /etc/namedb/named.conf

In the "options" section, find and *REMOVE* the "listen-on" line
if still there (it restricts named to loopback, so nobody else could
query or transfer from this server):


options {
    ...
    listen-on       { 127.0.0.1; };             // <- remove this line!
    ...
};


Now move to the bottom (end) of the file, and create the "logging" section:

// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -

logging {
        // Channels: each one is a file that named rotates when it reaches
        // 10M, keeping the given number of old versions. "print-time yes"
        // stamps every line with the date and time (syslog normally does
        // this for us; a file channel does not unless asked).

        channel transfers {
            file "/etc/namedb/log/transfers" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel notify {
            file "/etc/namedb/log/notify" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel dnssec {
            file "/etc/namedb/log/dnssec" versions 3 size 10M;
            print-time yes;
            severity info;
        };
        channel query {
            file "/etc/namedb/log/query" versions 5 size 10M;
            print-time yes;
            severity info;
        };
        channel general {
            file "/etc/namedb/log/general" versions 3 size 10M;
            print-time yes;
            severity info;
        };

        // Categories: which kind of message goes to which channel

        category xfer-out { transfers; };
        category xfer-in { transfers; };
        category notify { notify; };

        category lame-servers { general; };
        category config { general; };
        category default { general; };     // everything not listed here
        category security { general; };    // e.g. refused zone transfers
        category dnssec { dnssec; };

        // category queries { query; };

};

// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -


Save and exit the file, and TEST that it works:

        # named-checkconf /etc/namedb/named.conf

Note that the "queries" category is commented out. This is on purpose as this
log file on many servers could become very large quickly. Also note that
"category default { general; };" catches every category not listed above,
so if query logging is switched on (for example with "rndc querylog on")
while that line is still commented out, the queries end up in the general
file instead.

4. Now reconfig or restart bind:

   # rndc reconfig

        - Look into /etc/namedb/log/, and see if the files get created.
          (e.g., "ls -lt /etc/namedb/log/")

        named only opens a channel's file when it first writes to it, so
        expect "general" (which receives the reconfig messages) right away;
        "transfers" and "notify" appear after steps 5 and 6 below.

        If it doesn't work, try:

        - check permissions for /etc/namedb/log
        - restarting named (/etc/rc.d/named restart)

5. Do a zone transfer of your own domain:

        # dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
        ...

        - Verify that the transfer shows up in /etc/namedb/log/transfers:

17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR started
17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR ended

        This is the log to watch for an AXFR served to a client that is not
        one of your secondaries. A transfer that named refuses (because of
        allow-transfer) is not logged here but under the "security"
        category, which this configuration sends to the general file.

6. Update the serial number on your master zone file:

        # vi /etc/namedb/master/MYTLD

        Increment Serial by 1 then save the zone file.

        # rndc reload MYTLD

        In the notify log file there should be a line that looks something
        like this:

        # cat /etc/namedb/log/notify

22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)

7. Optional - view queries

        Remove the "//" from the front of "category queries { query; };"
        and restart the nameserver ("rndc reconfig" is enough to pick up a
        logging change, but a restart also works):

        # service named restart

        Then start monitoring the query file

        # tail -F /etc/namedb/log/query

        While that is running, in another terminal window or on
        someone else's machine, execute a dig.

        # dig @10.10.XX.1 www.MYTLD.

        You should see the query in the logfile. Remember that the query log
        records every client address and every name asked for, so treat it
        as sensitive data and keep an eye on the disk it fills.

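The logs set up in steps 5 to 7 are only worth having if something reads them. As an added example (not part of the NSRC exercise and not BIND code), the Python script below parses the transfers, general and query log formats shown above and does three things a practitioner wants from them: flags an AXFR that named served to a host that is not one of your secondaries, lists refused transfer attempts (category security, which this configuration sends to the general file), and counts queries per client. The sample lines are constructed to match the formats on this page; the client addresses, the "loaded serial" noise line and the ALLOWED_SECONDARIES set are assumptions.

```python
"""Triage the BIND logs produced by the channels in this exercise.

Added example, not part of the NSRC exercise or of BIND itself.  The sample
lines are constructed to match the formats shown on the page; the addresses
and the ALLOWED_SECONDARIES set are assumptions.
"""
import re
from collections import Counter
from datetime import datetime

# "print-time yes" prefixes every line with a stamp like 17-Feb-2011 11:18:15.331
TS = r"(?P<ts>\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
CLIENT = r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):"

PATTERNS = {
    # transfers channel (categories xfer-out / xfer-in), as shown in step 5
    "xfer": re.compile(TS + " " + CLIENT +
                       r" transfer of '(?P<zone>[^']+)': (?P<kind>AXFR|IXFR) (?P<state>started|ended)$"),
    # security category (routed to the general channel by this config)
    "denied": re.compile(TS + " " + CLIENT + r" zone transfer '(?P<zone>[^']+)' denied$"),
    # queries category (the optional step 7 channel): name class type flags (server)
    "query": re.compile(TS + " " + CLIENT +
                        r" query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)"),
}


def parse_line(line):
    """Return a dict with an "event" key and the matched fields, or None for
    lines this script does not understand (zone loads, config messages, ...)."""
    for event, pattern in PATTERNS.items():
        m = pattern.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["event"] = event
            rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
            rec["port"] = int(rec["port"])
            return rec
    return None


def unexpected_transfers(lines, allowed_secondaries):
    """(client, zone) for every outbound transfer named accepted from a host
    that is not in the allow-list.  "started" means allow-transfer let the
    request through, which is the condition to alert on."""
    hits = []
    for rec in map(parse_line, lines):
        if (rec and rec["event"] == "xfer" and rec["state"] == "started"
                and rec["ip"] not in allowed_secondaries):
            hits.append((rec["ip"], rec["zone"]))
    return hits


def denied_transfers(lines):
    """(client, zone) for transfer attempts named refused; a useful
    reconnaissance indicator even though no data left the server."""
    return [(r["ip"], r["zone"]) for r in map(parse_line, lines)
            if r and r["event"] == "denied"]


def queries_per_client(lines):
    """Query count per source address, e.g. to spot one host hammering the server."""
    return Counter(r["ip"] for r in map(parse_line, lines)
                   if r and r["event"] == "query")


# Constructed sample lines in the formats shown in the exercise (assumed addresses).
SAMPLE_TRANSFERS = [
    "17-Feb-2011 11:18:15.331 client 10.10.1.2#61235: transfer of 'MYTLD/IN': AXFR started",
    "17-Feb-2011 11:18:15.331 client 10.10.1.2#61235: transfer of 'MYTLD/IN': AXFR ended",
    "17-Feb-2011 11:20:02.004 client 192.0.2.77#40111: transfer of 'MYTLD/IN': AXFR started",
    "17-Feb-2011 11:20:02.010 client 192.0.2.77#40111: transfer of 'MYTLD/IN': AXFR ended",
]
SAMPLE_GENERAL = [
    "17-Feb-2011 11:21:40.118 zone MYTLD/IN: loaded serial 2011021701",
    "17-Feb-2011 11:21:41.002 client 198.51.100.9#5555: zone transfer 'MYTLD/IN' denied",
]
SAMPLE_QUERY = [
    "17-Feb-2011 11:25:01.000 client 10.10.1.5#53124: query: www.MYTLD IN A + (10.10.1.1)",
    "17-Feb-2011 11:25:01.050 client 10.10.1.5#53125: query: ns1.MYTLD IN AAAA + (10.10.1.1)",
    "17-Feb-2011 11:25:02.000 client 203.0.113.4#1024: query: MYTLD IN ANY +E (10.10.1.1)",
]
ALLOWED_SECONDARIES = {"10.10.1.2"}  # assumed: the only host that should AXFR MYTLD

if __name__ == "__main__":
    print("unexpected AXFR:", unexpected_transfers(SAMPLE_TRANSFERS, ALLOWED_SECONDARIES))
    print("denied AXFR:    ", denied_transfers(SAMPLE_GENERAL))
    print("queries/client: ", dict(queries_per_client(SAMPLE_QUERY)))
```

On a real server, feed it the files from /etc/namedb/log/ (for example `open("/etc/namedb/log/transfers")` instead of the sample lists) and put your actual secondaries in the allow-list; anything unexpected_transfers() returns means allow-transfer is wider than you think.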