logging query results

wes bind at the-wes.com
Fri Nov 28 19:52:13 UTC 2008


Good point, I had only used rndc reload to activate the changes to the conf
file. The changes definitely took effect at that point, as I could then see
all the debug messages in the log. But, I tried a stop && start (had to use
/etc/init.d/bind9 because rndc doesn't have a start command for some reason)
and I get the same behavior. Here is a sample output from 1 entire
transaction. This was generated after running "host www.solestruck.com localhost"

# grep 127.0.0.1#32999 named.log
28-Nov-2008 11:48:53.063 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.063 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.063 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.063 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.063 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.063 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.064 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN A +
28-Nov-2008 11:48:53.064 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.064 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/A/IN' approved
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.064 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.064 client: debug 3: client 127.0.0.1#32999: endrequest
28-Nov-2008 11:48:53.065 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.065 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.065 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN AAAA +
28-Nov-2008 11:48:53.065 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.065 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/AAAA/IN' approved
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.065 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.065 client: debug 3: client 127.0.0.1#32999: endrequest
28-Nov-2008 11:48:53.066 general: debug 60: socket 0xb7f2f148
127.0.0.1#32999: packet received correctly
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.066 client: debug 5: client 127.0.0.1#32999: using view
'_default'
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999: request
is not signed
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999:
recursion available
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: query
28-Nov-2008 11:48:53.066 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN MX +
28-Nov-2008 11:48:53.066 client: debug 10: client 127.0.0.1#32999:
ns_client_attach: ref = 1
28-Nov-2008 11:48:53.066 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/MX/IN' approved
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: send
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: sendto
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: senddone
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: next
28-Nov-2008 11:48:53.066 client: debug 10: client 127.0.0.1#32999:
ns_client_detach: ref = 0
28-Nov-2008 11:48:53.066 client: debug 3: client 127.0.0.1#32999: endrequest

thanks for the pointer. Any other ideas?

-wes

On Fri, Nov 28, 2008 at 10:31 AM, Ben Croswell <ben.croswell at gmail.com> wrote:

> If you didn't actually do a stop and start, you may want to do that or an
> rndc query to kickstart the query logs.
>
>
> On Fri, Nov 28, 2008 at 1:08 PM, wes <bind at the-wes.com> wrote:
>
>> I would like to know if it's possible to log the output of each dns query.
>> I'd like to do this to catch failed queries so I can see what people are
>> looking for, and not finding, and add it for them if it should be there. I
>> recently lost my old dns server so I have to start from scratch.
>>
>> This is my current logging configuration:
>>
>> logging {
>>     channel log {
>>        file "/var/log/named/named.log"
>>             versions 10
>>             size 100m;
>>        severity debug 9999;
>>        print-time yes;
>>        print-severity yes;
>>        print-category yes;
>>     };
>>     category default { log; };
>>     category queries { log; };
>> };
>>
>> as far as I can tell, this is set up to log everything ever. but, I still
>> don't get the actual query result in the log. Is there a way to do this?
>>
>> If not, that's ok, I'll set up a tcpdump script to do it. but I thought I
>> would make sure there isn't a built-in method in bind first.
>>
>> thanks for any advice.
>>
>> -wes
>>
>
>
>
> --
> -Ben Croswell
>
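
An added example, not part of the original thread and not code from BIND or the posters: it tallies what clients asked for from the `queries` records in the log format shown in the message above, rejoining lines the mail client wrapped. The function names are hypothetical, and the last sample record (192.0.2.7, intranet.example.test) is constructed.

```python
import re
from collections import Counter

# Lines copied from the post (still mail-wrapped), plus one constructed
# record for a second client (192.0.2.7 / intranet.example.test).
SAMPLE_LOG = """\
28-Nov-2008 11:48:53.063 client: debug 3: client 127.0.0.1#32999: UDP
request
28-Nov-2008 11:48:53.064 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN A +
28-Nov-2008 11:48:53.064 security: debug 3: client 127.0.0.1#32999: query '
www.solestruck.com/A/IN' approved
28-Nov-2008 11:48:53.065 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN AAAA +
28-Nov-2008 11:48:53.066 queries: info: client 127.0.0.1#32999: query:
www.solestruck.com IN MX +
28-Nov-2008 11:49:10.200 queries: info: client 192.0.2.7#40112: query:
intranet.example.test IN A +
"""

TS = r"\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}"
QUERY_RE = re.compile(
    rf"^(?P<ts>{TS}) queries: info: client (?P<ip>[^#\s]+)#(?P<port>\d+): "
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)$"
)

def unwrap(text):
    """Rejoin wrapped records: a non-blank line that does not start with a
    timestamp is treated as the continuation of the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if re.match(TS, line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_queries(text):
    """Return one dict per 'queries' record; other categories are skipped."""
    return [m.groupdict() for m in map(QUERY_RE.match, unwrap(text)) if m]

def count_by_name_type(queries):
    """Tally (name, type) pairs so repeated lookups stand out."""
    return Counter((q["name"].lower(), q["type"]) for q in queries)

if __name__ == "__main__":
    # Each record carries client, name, class, type and flags only.
    for (name, qtype), n in count_by_name_type(parse_queries(SAMPLE_LOG)).most_common():
        print(f"{n:3d}  {qtype:5s} {name}")
```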