Bind 9.2.4 and logging

Mark Andrews Mark_Andrews at isc.org
Wed Mar 5 22:55:26 UTC 2008


	If you want see which queries have RD set you will need to
	upgrade from BIND 9.2.

	Mark

> So it doesn't look like this is the way ...
> Any other way to find out if it is a recursive request?
> 
> - Henning
> 
> Jeff Reasoner wrote:
> > I don't know that the other categories are material to what you're
> > trying to achieve. The logs will contain the source IP and query
> > regardless of whether it was for in-zone (authoritative) data or
> > answered out of cache.
> > 
> > I did the same thing last summer with 9.4.1-P1 and the following in
> > named.conf:
> > 
> >         channel bind-queries {
> >                 file "/var/log/queries.log" versions 10 size 6m;
> >                 severity info;
> >                 };
> > 
> > I also did some backend scripting to pull out the unique source IPs so I
> > knew who I had to contact about changes. 
> > 
> > On Mon, 2008-03-03 at 22:58 +0100, Henning Markussen wrote:
> >> Hi
> >>
> >> I'm trying to close down some DNS servers that currently are open to 
> >> recursive requests.
> >> They are ruining bind 9.2.4
> >>
> >> In this process my plan was to determine what clients are using the 
> >> servers as recursive name servers.
> >>
> >> I've found the category resolver, client and queries
> >>
> >> queries logs the queries ok - but nothing gets into the resolver or 
> >> client category
> >>
> >> channel queries_log {
> >> file "/var/log/queries.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> channel resolver_log {
> >> file "/var/log/resolver.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> channel client_log {
> >> file "/var/log/client.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> category client { client_log; };
> >> category queries { queries_log; };
> >> category resolver { resolver_log; };
> >>
> >> Is there a category where I can log if a request is to the authoritative 
> >> or to the recursive, or am I just not using the categories correct?
> >>
> >> Thank you for any input or ideas
> >>
> >> - Henning
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list