logging query results

wes bind at the-wes.com
Fri Nov 28 19:28:16 UTC 2008


Thanks for the info. I do indeed see tons and tons of messages from named. I
even see the query itself (what people are asking for). Just not the result.
It seems like I get everything except the result.

-wes

On Fri, Nov 28, 2008 at 10:56 AM, ivan jr sy <ivan_jr at yahoo.com> wrote:

> Looks like an OK config for me.
> - you should be able to view the name being queried and from what source IP
> - debug10 = view the actual query (similar to dig)
> so you can grep the NXDOMAIN or the ANSWER
>
> Are you able to view the log file? Did it log the start-up processes of
> BIND? You should be able to see tons and tons of log messages even just on
> startup of named.
>
> Note that logging queries will significantly impact the query response rate
> of the server. It's a no-no for production. On the other hand, your tcpdump
> script sounds elegant...
>
>
> --- On Sat, 11/29/08, wes <bind at the-wes.com> wrote:
>
> > From: wes <bind at the-wes.com>
> > Subject: logging query results
> > To: bind-users at lists.isc.org
> > Date: Saturday, November 29, 2008, 7:08 AM
> > I would like to know if it's possible to log the output of each DNS query.
> > I'd like to do this to catch failed queries so I can see what people are
> > looking for, and not finding, and add it for them if it should be there. I
> > recently lost my old DNS server so I have to start from scratch.
> >
> > This is my current logging configuration:
> >
> > logging {
> >     channel log {
> >        file "/var/log/named/named.log"
> >             versions 10
> >             size 100m;
> >        severity debug 9999;
> >        print-time yes;
> >        print-severity yes;
> >        print-category yes;
> >     };
> >     category default { log; };
> >     category queries { log; };
> > };
> >
> > As far as I can tell, this is set up to log everything ever. But I still
> > don't get the actual query result in the log. Is there a way to do this?
> >
> > If not, that's OK, I'll set up a tcpdump script to do it. But I thought I
> > would make sure there isn't a built-in method in BIND first.
> >
> > Thanks for any advice.
> >
> > -wes
>
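
The result the thread is looking for is carried in each DNS response: the RCODE in the header and the queried name in the question section. The following is an added example, not part of the original posts, that tallies names answered with NXDOMAIN from captured response payloads; the function names are hypothetical, the sample packets are constructed, and the input is assumed to be the DNS payloads of responses taken from a capture.

```python
import struct
from collections import Counter

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_response(qname, rcode, qtype=1, txid=0x1234):
    """Build a constructed, answer-less DNS response (sample data only)."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; RCODE is the low 4 bits
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_response(payload):
    """Return (qname, qtype, rcode) for a one-question response, else None."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount = struct.unpack("!3H", payload[:6])
    if not flags & 0x8000 or qdcount != 1:  # a query, or an unusual message
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos]:  # stop at the root (zero) label
        length = payload[pos]
        if length & 0xC0 or pos + 1 + length > len(payload):
            raise ValueError("bad label in question section")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(payload):  # root label + QTYPE + QCLASS must be present
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", payload[pos + 1:pos + 3])[0]
    return ".".join(labels) or ".", qtype, RCODES.get(flags & 0x000F, str(flags & 0x000F))

def failed_names(payloads):
    """Count the names that were answered with NXDOMAIN."""
    counts = Counter()
    for payload in payloads:
        try:
            rec = parse_response(payload)
        except ValueError:
            continue  # skip malformed or non-DNS payloads
        if rec and rec[2] == "NXDOMAIN":
            counts[rec[0]] += 1
    return counts

# Constructed sample: one success, one junk payload, three NXDOMAIN responses.
NX = ("intranet.example.com", "intranet.example.com", "Wiki.example.com")
SAMPLE = [build_response("www.example.com", 0), b"\x00\x01"] + [build_response(n, 3) for n in NX]
if __name__ == "__main__":
    for name, hits in failed_names(SAMPLE).most_common():
        print(hits, name)
```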