Bind 9.2.4 and logging
Mark Andrews
Mark_Andrews at isc.org
Wed Mar 5 22:55:26 UTC 2008
If you want to see which queries have RD set you will need to
upgrade from BIND 9.2.
Mark
> So it doesn't look like this is the way ...
> Any other way to find out if it is a recursive request?
>
> - Henning
>
> Jeff Reasoner wrote:
> > I don't know that the other categories are material to what you're
> > trying to achieve. The logs will contain the source IP and query
> > regardless of whether it was for in-zone (authoritative) data or
> > answered out of cache.
> >
> > I did the same thing last summer with 9.4.1-P1 and the following in
> > named.conf:
> >
> > channel bind-queries {
> > file "/var/log/queries.log" versions 10 size 6m;
> > severity info;
> > };
> >
> > I also did some backend scripting to pull out the unique source IPs so I
> > knew who I had to contact about changes.
> >
> > On Mon, 2008-03-03 at 22:58 +0100, Henning Markussen wrote:
> >> Hi
> >>
> >> I'm trying to close down some DNS servers that currently are open to
> >> recursive requests.
> >> They are running bind 9.2.4
> >>
> >> In this process my plan was to determine what clients are using the
> >> servers as recursive name servers.
> >>
> >> I've found the category resolver, client and queries
> >>
> >> queries logs the queries ok - but nothing gets into the resolver or
> >> client category
> >>
> >> channel queries_log {
> >> file "/var/log/queries.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> channel resolver_log {
> >> file "/var/log/resolver.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> channel client_log {
> >> file "/var/log/client.log" versions 5 size 5m;
> >> print-time yes;
> >> severity dynamic;
> >> };
> >>
> >> category client { client_log; };
> >> category queries { queries_log; };
> >> category resolver { resolver_log; };
> >>
> >> Is there a category where I can log if a request is to the authoritative
> >> or to the recursive, or am I just not using the categories correctly?
> >>
> >> Thank you for any input or ideas
> >>
> >> - Henning
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
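
Added example, not written by any poster in this thread: the kind of backend script Jeff mentions, narrowed to clients whose queries have RD set. It assumes the query-log line layout of a BIND 9 release that logs the RD flag (the flag field after the record type begins with "+" when RD is set and "-" when it is not); the sample lines and the names QUERY_RE, rd_clients and SAMPLE_LOG are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: "client <ip>#<port>[ (<name>)]: [view <v>: ]query: <qname> <class> <type> <flags>"
# Some releases also print "@0x..." before the address; that prefix is tolerated.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>\S+?)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
05-Mar-2008 10:00:01.123 client 192.0.2.10#32768: query: www.example.net IN A +
05-Mar-2008 10:00:02.456 client 192.0.2.10#32769: query: mail.example.net IN MX +
05-Mar-2008 10:00:03.789 client 198.51.100.7#1053: query: example.com IN SOA -
05-Mar-2008 10:00:04.000 client 2001:db8::25#5353: view external: query: example.org IN AAAA +E
05-Mar-2008 10:00:05.000 client 203.0.113.5#4000 (example.com): query: example.com IN NS -E (192.0.2.53)
05-Mar-2008 10:00:06.000 zone example.com/IN: loaded serial 2008030501
""".splitlines()


def rd_clients(lines):
    """Return (queries-with-RD per source IP, count of lines that are not query records)."""
    counts = Counter()
    skipped = 0
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            skipped += 1          # not a query-log record; count it rather than guess
            continue
        if m.group("flags").startswith("+"):
            counts[m.group("ip")] += 1   # RD set: this client asked for recursion
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = rd_clients(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print(f"# {skipped} non-query line(s) ignored")
```
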