BIND LOGGING
------------

By default, logs from named are sent to /var/log/messages via syslog.

Let's make BIND log in a more detailed fashion.

On AUTH1 (auth1.grpX):

1. Create the log directory:

    # mkdir -p /etc/namedb/log
    # chown bind /etc/namedb/log

2. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
   done so:

    # ee /etc/rc.conf

    named_chrootdir=""
    named_enable="YES"

   Save the file and exit.

3. Edit /etc/namedb/named.conf

   In the "options" section, find and *REMOVE* the "listen-on" line
   if it is still there:

    options {
        ...
        listen-on { 127.0.0.1; };   // <- remove this line!
        ...
    };

   Now move to the bottom (end) of the file, and create the "logging"
   section:

// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -

logging {
    // Channels

    channel transfers {
        file "/etc/namedb/log/transfers" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel notify {
        file "/etc/namedb/log/notify" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel dnssec {
        file "/etc/namedb/log/dnssec" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel query {
        file "/etc/namedb/log/query" versions 5 size 10M;
        print-time yes;
        severity info;
    };
    channel general {
        file "/etc/namedb/log/general" versions 3 size 10M;
        print-time yes;
        severity info;
    };

    // Categories

    category xfer-out { transfers; };
    category xfer-in { transfers; };
    category notify { notify; };

    category lame-servers { general; };
    category config { general; };
    category default { general; };
    category security { general; };
    category dnssec { dnssec; };

    // category queries { query; };

};

// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -

   Save and exit the file, and TEST that it works:

    # named-checkconf /etc/namedb/named.conf

   Note that the "queries" category is commented out. This is on purpose,
   as this log file could become very large quickly on many servers.

4. Now reconfigure or restart BIND:

    # rndc reconfig

   - Look into /etc/namedb/log/, and see if the files get created
     (e.g., "ls -lt /etc/namedb/log/").

   If it doesn't work, try:

   - checking permissions for /etc/namedb/log
   - restarting named (/etc/rc.d/named restart)

5. Do a zone transfer of your own domain:

    # dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
    ...

   - Verify that the transfer shows up in /etc/namedb/log/transfers:

    17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR started
    17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR ended

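Added example (not part of the original exercise): once transfers are logged, the same file can be checked for transfers served to hosts that are not your secondaries. The function names, the sample log lines and the address 10.10.1.2 as the only expected secondary are assumptions; the line layout parsed is the one shown in step 5.

```shell
#!/bin/sh
# Added example: report zone transfers served to clients that are not on the
# list of expected secondaries. Log layout is the one shown in step 5.

# Constructed sample lines (addresses and zone name are made up).
sample_log() {
    cat <<'EOF'
17-Feb-2011 11:18:15.331 client 10.10.1.2#61235: transfer of 'example/IN': AXFR started
17-Feb-2011 11:18:15.331 client 10.10.1.2#61235: transfer of 'example/IN': AXFR ended
17-Feb-2011 11:20:02.104 client 10.10.9.77#40112: transfer of 'example/IN': AXFR started
17-Feb-2011 11:20:02.120 client 10.10.9.77#40112: transfer of 'example/IN': AXFR ended
17-Feb-2011 11:25:40.008 client 10.10.9.77#40120: transfer of 'example/IN': AXFR started
17-Feb-2011 11:31:12.551 client 192.0.2.14#53311: transfer of 'example/IN': IXFR started
EOF
}

# unexpected_transfers LOGFILE ALLOWED_IP...
# Prints "<client-ip> <zone/class> <count>" for each started AXFR/IXFR whose
# client address is not one of ALLOWED_IP.
unexpected_transfers() {
    log=$1
    shift
    awk -v allowed="$*" -v q="'" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only "started" lines: one per transfer, AXFR or IXFR.
        / transfer of .*XFR started/ {
            ip = ""; zone = ""
            for (i = 1; i <= NF; i++) {
                # First field containing "#" is the client address#port.
                if (ip == "" && index($i, "#") > 0) {
                    ip = $i
                    sub(/#.*/, "", ip)
                }
                # Field after "transfer of" is the quoted zone/class.
                if (i > 1 && $i == "of" && $(i - 1) == "transfer") {
                    zone = $(i + 1)
                    gsub(q, "", zone)
                    sub(/:$/, "", zone)
                }
            }
            if (ip != "" && !(ip in ok)) seen[ip " " zone]++
        }
        END { for (k in seen) print k, seen[k] }
    ' "$log" | LC_ALL=C sort
}

# Demo: 10.10.1.2 is the only expected secondary (assumption).
tmp=$(mktemp)
sample_log > "$tmp"
unexpected_transfers "$tmp" 10.10.1.2
rm -f "$tmp"
```

On the lab server, point it at /etc/namedb/log/transfers and pass the addresses of your real secondaries; any line it prints is a transfer worth explaining.
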
6. Update the serial number on your master zone file:

    # vi /etc/namedb/master/MYTLD

   Increment Serial by 1 then save the zone file.

    # rndc reload MYTLD

   In the notify log file there should be a line that looks something
   like this:

    # cat /etc/namedb/log/notify

    22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)

7. Optional - view queries

   Remove the "//" from the front of "category queries { query; };"
   and restart the nameserver:

    # service named restart

   Then start monitoring the query file:

    # tail -F /etc/namedb/log/query

   While that is running, in another terminal window or on
   someone else's machine, execute a dig:

    # dig @10.10.XX.1 www.MYTLD.

   You should see the query in the logfile.