logging query results

Chris Buxton cbuxton at menandmice.com
Wed Dec 3 00:24:39 UTC 2008


On Tue, 2008-12-02 at 15:55 -0700, Bill Larson wrote:
> Query logging is a great idea, but OARC has already produced a very 
> functional "dnscap" which will capture all DNS traffic, queries and 
> responses, incoming and outgoing.  Maybe this type of logging functionality 
> could be better relegated to a third party tool such as "dnscap" rather than 
> being built directly into BIND.

It sounds like you're saying that ISC should be removing some of the
existing logging functions from BIND, rather than adding more. Logging
queries, updates, zone transfers, etc., is all superfluous when you have
a packet sniffer. An awful lot of debug-level logging is likewise
useless and maybe should not be in the release-quality code, or at least
not built into the binary unless 'configure' is passed some kind of
"debug build" switch.

Is that what you're saying?

Personally, I think the ability to see not only the incoming query but
also the outgoing queries caused by that query and all of the responses
received *and sent* is a useful thing for debugging.

Not everyone has the ability to use and understand dnscap. BIND does not
need to be tailored just for those who already know what they're doing.

Chris Buxton
Men & Mice




More information about the bind-users mailing list