Where do recursion denied messages go?

Holger Honert holger.honert at signal-iduna.org
Thu Apr 27 08:15:27 UTC 2006


> Eivind Olsen <eivind at aminor.no> wrote:
>
>   
>> Hello.
>>
>> Where do "recursion denied" messages go? I have a server running BIND 
>> 9.3.1, and I'd like to see which queries it denies (I'm using 
>> "allow-recursion" to allow just some networks to use it recursively).
>>
>> I have tried to provoke generation of such messages by doing recursive 
>> queries from an external network, but nothing is shown in the logs. What 
>> logs? BIND has not been configured to use any special logging settings, 
>> so it uses whatever the default is. OS = Solaris 5.8. I see some 
>> "named"-messages in /var/adm/messages but nothing related to recursion 
>> being denied anyone.
>>
>> Do I need to tweak the logging to get what I want? If so, which category 
>> and severity level am I looking for?
>>     
Hi,

We have had luck with these settings in named.conf:
[snip..]
        channel security_log {
                file "/var/log/security.log" versions 5 size 5m;
                severity debug ;
                print-category yes;
                print-severity yes;
                print-time yes;
                };

        category security {
                security_log;
                };

[snip]

The messages in /var/log/security.log :

security.log:27-Apr-2006 10:05:52.695 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.057 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.438 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied

Regards

Holger
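
Once the `security` category goes to its own file as in the message above, the denied recursive queries can be tallied per client. The following is an added example, not part of the original post: a Python parser for the line format shown in the message. The function names, the threshold and window values, and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format as shown in the post; a leading "security.log:" is grep's filename prefix.
DENIED = re.compile(
    r"^(?:[^:\s]+:)?(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"security: \w+: client (?P<ip>[^#\s]+)#(?P<port>\d+): "
    r"query \(cache\) '(?P<name>[^/']*)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied$"
)

def parse_denied(line):
    """Return a dict for a 'query (cache) ... denied' line, else None."""
    m = DENIED.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return rec

def bursts(lines, threshold=3, window=timedelta(seconds=10)):
    """Map client IP -> most denials inside any `window`, if >= threshold."""
    times = defaultdict(list)
    for line in lines:
        rec = parse_denied(line)
        if rec:
            times[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        start = best = 0
        for end in range(len(ts)):
            # Slide the window start forward until it spans at most `window`.
            while ts[end] - ts[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# First three lines are from the post (unwrapped); the last two are constructed.
SAMPLE = """\
security.log:27-Apr-2006 10:05:52.695 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.057 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied
security.log:27-Apr-2006 10:05:53.438 security: info: client 208.39.44.8#10621: query (cache) './NS/IN' denied
27-Apr-2006 10:06:01.120 security: info: client 192.0.2.10#40112: query (cache) 'example.com/A/IN' denied
27-Apr-2006 10:06:02.004 security: info: client 2001:db8::5#5353: query (cache) 'example.net/MX/IN' denied
""".splitlines()
if __name__ == "__main__":
    print(bursts(SAMPLE))
```
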


