Wiki

User Tools

Site Tools

Trace: dovecot database git_fsck diff llvmpipe logs openvpn logging
ubuntu:bind:logging

This is an old revision of the document!

Ubuntu - Bind - Logging

The two main logging options are channel and category, which configure where logs go, and what information gets logged, respectively.

If no logging options are configured the default configuration is: 

logging {
     category default { default_syslog; default_debug; };
     category unmatched { null; };
};

NOTE: BIND 9 categories are:

  • default BIND 9's default category matches all categories not specifically assigned to channels.
    • BIND 9's default category doesn't match BIND's messages that aren't categorized. Those are part of the category listed next.
  • general The general category contains all of the BIND messages that aren't explicitly classified.
  • client Processing client requests.
  • config Configuration file parsing and processing.
  • database Messages relating to BIND's internal database; used to store zone data and cache records.
  • dnssec Processing DNSSEC-signed responses.
  • lame-servers Detection of bad delegation (re-added in BIND 9.1.0; before that, lame server messages were logged to resolver).
  • network Network operations.
  • notify Asynchronous zone change notifications.
  • queries Query logging (added in BIND 9.1.0).
  • resolver Name resolution, including the processing of recursive queries from resolvers.
  • security Approved/unapproved requests.
  • update Dynamic update events.
  • xfer-in Zone transfers from remote name servers to the local name server.
  • xfer-out Zone transfers from the local name server to remote name servers.

We need to configure a channel to specify which file to send the messages to, and a category.

In this example, the category will log all queries.

Edit /etc/bind/named.conf.local and add the following:

/etc/bind/named.conf.local
logging {
    channel query.log {
        file "/var/log/named/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};

NOTE: Channels allow you to filter by message severity. Here is the list of severities:

  • critical
  • error
  • warning
  • notice
  • info
  • debug [level]. The debug option can be set from 1 to 3. If a level isn’t specified, level 1 is the default.
  • dynamic

Since the named daemon runs as the bind user the /var/log/named directory must be created and the ownership changed: 

sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named

Restart BIND9 for the changes to take effect: 

sudo systemctl restart bind9.service

You should see the file /var/log/named/query.log fill with query information.

NOTE: This is a simple example of the BIND9 logging options.

For coverage of advanced options see More Information.

ubuntu/bind/logging.1607537632.txt.gz · Last modified: 2020/12/09 18:13 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki