Track3Sec: 1.7_dns-bind-logging.txt

File 1.7_dns-bind-logging.txt, 3.6 KB (added by Fakrul Alam, 6 years ago)

Line
1	BIND LOGGING
2	------------
3
4	By default, logs from named are sent to /var/log/messages via syslog.
5
6	Let's make BIND log in a more detailed fashion.
7
8	On AUTH1 (auth1.grpX):
9
10	1. Create the log directory:
11
12	# mkdir -p /etc/namedb/log
13	# chown bind /etc/namedb/log
14
15	2. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
16	done so:
17
18	# ee /etc/rc.conf
19
20	named_chrootdir=""
21	named_enable="YES"
22
23	Save the file and exit.
24
25
26	3. Edit /etc/namedb/named.conf
27
28	In the "options" section, find and REMOVE the "listen-on" line
29	if still there:
30
31
32	options {
33	...
34	listen-on { 127.0.0.1; }; // <- remove this line!
35	...
36	};
37
38
39	Now move to the bottom (end) of the file, and create the "logging section":
40
41	// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -
42
43	logging {
44	// Channels
45
46	channel transfers {
47	file "/etc/namedb/log/transfers" versions 3 size 10M;
48	print-time yes;
49	severity info;
50	};
51	channel notify {
52	file "/etc/namedb/log/notify" versions 3 size 10M;
53	print-time yes;
54	severity info;
55	};
56	channel dnssec {
57	file "/etc/namedb/log/dnssec" versions 3 size 10M;
58	print-time yes;
59	severity info;
60	};
61	channel query {
62	file "/etc/namedb/log/query" versions 5 size 10M;
63	print-time yes;
64	severity info;
65	};
66	channel general {
67	file "/etc/namedb/log/general" versions 3 size 10M;
68	print-time yes;
69	severity info;
70	};
71
72	// Categories
73
74	category xfer-out { transfers; };
75	category xfer-in { transfers; };
76	category notify { notify; };
77
78	category lame-servers { general; };
79	category config { general; };
80	category default { general; };
81	category security { general; };
82	category dnssec { dnssec; };
83
84	// category queries { query; };
85
86	};
87
88	// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -
89
90
91	Save and exit the file, and TEST that it works:
92
93	# named-checkconf /etc/namedb/named.conf
94
95	Note that the "queries" category is commented out. This is on purpose as this
96	log file on many servers could become very large quickly.
97
98	4. Now reconfig or restart bind:
99
100	# rndc reconfig
101
102	- Look into /etc/namedb/log/, and see if the files get created.
103	(e.g., "ls -lt /etc/namedb/log/")
104
105	If it doesn't work, try:
106
107	- check permissions for /etc/namedb/log
108	- restarting named (/etc/rc.d/named restart)
109
110	5. Do a zone transfer of you own domain:
111
112	# dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
113	...
114
115	- Verify that the transfer shows up in /etc/namedb/log/transfers:
116
117	17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR started
118	17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR ended
119
120	6. Update the serial number on your master zone file:
121
122	# vi /etc/namedb/master/MYTLD
123
124	Increment Serial by 1 then save the zone file.
125
126	# rndc reload MYTLD
127
128	In the notify log file there should be a line that looks something
129	like this:
130
131	# cat /etc/namedb/log/notify
132
133	22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)
134
135	7. Optional - view queries
136
137	Remove the "//" from the front of "category queries { query; };"
138	and restart the nameserver
139
140	# service named restart
141
142	Then start monitoring the query file
143
144	# tail -F /etc/namedb/log/query
145
146	While that is running, in another terminal window or on
147	someone else's machine, execute a dig.
148
149	# dig @10.10.XX.1 www.MYTLD.
150
151	You should see the query in the logfile.
152