BIND LOGGING
------------

By default, logs from named are sent to /var/log/messages via syslog.

Let's make BIND log in a more detailed fashion.

On AUTH1 (auth1.grpX):

1. Create the log directory:

    # mkdir -p /etc/namedb/log
    # chown bind /etc/namedb/log

2. Edit /etc/rc.conf, and enable named (BIND), in case you haven't already
   done so:

    # ee /etc/rc.conf

    named_chrootdir=""
    named_enable="YES"

   Save the file and exit.


3. Edit /etc/namedb/named.conf

   In the "options" section, find and *REMOVE* the "listen-on" line
   if still there:


    options {
        ...
        listen-on { 127.0.0.1; };   // <- remove this line!
        ...
    };


   Now move to the bottom (end) of the file, and create the "logging section":

// - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - - -

logging {
    // Channels

    channel transfers {
        file "/etc/namedb/log/transfers" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel notify {
        file "/etc/namedb/log/notify" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel dnssec {
        file "/etc/namedb/log/dnssec" versions 3 size 10M;
        print-time yes;
        severity info;
    };
    channel query {
        file "/etc/namedb/log/query" versions 5 size 10M;
        print-time yes;
        severity info;
    };
    channel general {
        file "/etc/namedb/log/general" versions 3 size 10M;
        print-time yes;
        severity info;
    };

    // Categories

    category xfer-out { transfers; };
    category xfer-in { transfers; };
    category notify { notify; };

    category lame-servers { general; };
    category config { general; };
    category default { general; };
    category security { general; };
    category dnssec { dnssec; };

    // category queries { query; };

};

// - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - - -


   Save and exit the file, and TEST that it works:

    # named-checkconf /etc/namedb/named.conf

   Note that the "queries" category is commented out. This is on purpose as this
   log file on many servers could become very large quickly.

4. Now reconfig or restart bind:

    # rndc reconfig

   - Look into /etc/namedb/log/, and see if the files get created.
     (e.g., "ls -lt /etc/namedb/log/")

   If it doesn't work, try:

   - checking permissions for /etc/namedb/log
   - restarting named (/etc/rc.d/named restart)

5. Do a zone transfer of your own domain:

    # dig @auth1.grpX.dns.nsrc.org AXFR MYTLD
    ...

   - Verify that the transfer shows up in /etc/namedb/log/transfers:

    17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR started
    17-Feb-2011 11:18:15.331 client 10.10.X.1#61235: transfer of 'MYTLD/IN': AXFR ended

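The transfers log from step 5 can also be reviewed for zone transfers
requested by hosts other than your known secondaries. The script below is
an added example, not part of the original lab: it parses the log format
shown above and counts "AXFR started" lines per client and zone, skipping
allowed addresses. The function name, the sample addresses and the zone
"example" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report AXFR requests from clients that are not known secondaries.

# axfr_report LOGFILE [ALLOWED_IP ...]
# Prints "CLIENT ZONE/CLASS COUNT" for each unexpected (client, zone) pair, sorted.
axfr_report() {
    log=$1; shift
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /transfer of/ && /AXFR started/ {
            addr = ""
            for (i = 1; i <= NF; i++)        # first field shaped like ADDR#PORT
                if (index($i, "#")) { addr = $i; break }
            sub(/#.*/, "", addr)             # drop "#port:" and keep the address
            split($0, q, "\047")             # q[2] is ZONE/CLASS between the quotes
            if (addr != "" && !(addr in ok)) seen[addr " " q[2]]++
        }
        END { for (k in seen) print k, seen[k] }
    ' "$log" | sort
}

# Constructed sample lines in the format of /etc/namedb/log/transfers.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
17-Feb-2011 11:18:15.331 client 10.10.1.2#61235: transfer of 'example/IN': AXFR started
17-Feb-2011 11:18:15.340 client 10.10.1.2#61235: transfer of 'example/IN': AXFR ended
17-Feb-2011 11:20:02.104 client 10.10.9.50#40112: transfer of 'example/IN': AXFR started
17-Feb-2011 11:20:02.110 client 10.10.9.50#40112: transfer of 'example/IN': AXFR ended
17-Feb-2011 11:25:41.877 client 10.10.9.50#40119: transfer of 'example/IN': AXFR started
EOF
    axfr_report "$tmp" 10.10.1.2     # 10.10.1.2 is the assumed secondary
    rm -f "$tmp"
}

demo
```

On the lab server the call would be
"axfr_report /etc/namedb/log/transfers <secondary addresses>"; an empty
result means every logged transfer came from an allowed address.
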
6. Update the serial number on your master zone file:

    # vi /etc/namedb/master/MYTLD

   Increment Serial by 1 then save the zone file.

    # rndc reload MYTLD

   In the notify log file there should be a line that looks something
   like this:

    # cat /etc/namedb/log/notify

    22-Feb-2012 23:43:48.647 zone MYTLD/IN: sending notifies (serial 2012022306)

7. Optional - view queries

   Remove the "//" from the front of "category queries { query; };"
   and restart the nameserver

    # service named restart

   Then start monitoring the query file

    # tail -F /etc/namedb/log/query

   While that is running, in another terminal window or on
   someone else's machine, execute a dig.

    # dig @10.10.XX.1 www.MYTLD.

   You should see the query in the logfile.