Can Query Logging in bind9 go to a Separate File?

Ben Croswell ben.croswell at gmail.com
Wed Oct 1 14:14:26 UTC 2008


You can put query logging off to its own channel and put that to a separate
log file.
logging {


On Wed, Oct 1, 2008 at 6:52 AM, Martin McCormick
<martin at dc.cis.okstate.edu> wrote:

>        We've got a busy DNS that sometimes receives 1-million
> queries per hour so I am going at this _carefully_. The object
> here is to save a minute or so's worth of queries and then check
> to see if certain systems have made queries. This sounds like an
> Orwellian scheme, but the idea is to listen for silence. If our
> 9 Microsoft Exchange servers haven't asked bind for something in
> a minute, probably much less, something is terribly wrong. This
> could be either with the servers themselves or the network
> connection giving them access to the DNS. Right now, I am not
> worried about that. I would like to have a stream or file of
> nothing but queries to essentially grep it for client addresses.
> If we see them, the servers are doing something. If not, raise
> the alarm!
>
>        I turned query logging on on a test system and did a
> couple of queries and the log entry is what we need but it is
> also in the same log file as zone transfers and updates. On our
> busy DNS, I would like to capture the query logs, check them for
> the addresses of critical systems, and then discard them as this
> could be like filling up thimbles from a fire hose.
>
>        The other possibility might be to set up a slave DNS or
> slaves to serve only those systems we are monitoring but that
> starts to possibly introduce more chances for mishaps than it
> would prevent. The older I get, the more I hate needless
> complexity. It makes it harder to fix at 3 o'clock in the
> morning when the phone rings.
>
>        Thanks for any ideas, especially on whether it is
> possible to isolate just queries in somewhat the same way the
> security log is handled.
>
> Martin McCormick WB5AGZ  Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Telecommunications Services Group
>
>


-- 
-Ben Croswell
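
The "listen for silence" check described in the quoted message, as an added example that is not part of the original thread or of BIND itself. It assumes queries go to their own file through a dedicated channel with print-time yes; the channel name, file path, sample log lines and 192.0.2.x addresses are constructed placeholders.

```python
import re
from datetime import datetime, timedelta

# Assumed named.conf fragment (placeholder channel name, path and sizes):
#   logging {
#       channel query_log {
#           file "/var/log/named/queries.log" versions 3 size 20m;
#           print-time yes;
#       };
#       category queries { query_log; };
#   };

# Matches a query-log line written with print-time yes. Tolerates category and
# severity prefixes and the "@0x..." / "(name)" fields newer BIND releases add.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+.*?: query: "
)

# Constructed sample input, not taken from a real server.
SAMPLE = """\
01-Oct-2008 14:13:05.101 client 192.0.2.11#40112: query: dc1.example.com IN A +
01-Oct-2008 14:13:50.412 client 192.0.2.12#51820: query: mail.example.com IN MX +
01-Oct-2008 14:14:02.007 client 192.0.2.99#33001: query: www.example.org IN A +
01-Oct-2008 14:14:20.900 queries: info: client @0x7f3c 192.0.2.13#1025 (example.com): query: example.com IN SOA -E
not a query line
""".splitlines()
MONITORED = {"192.0.2.11", "192.0.2.12", "192.0.2.13", "192.0.2.14"}
NOW = datetime(2008, 10, 1, 14, 14, 26)


def silent_clients(lines, monitored, now, window=timedelta(seconds=60)):
    """Return monitored addresses with no logged query in the window ending at now."""
    last_seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["ip"] not in monitored:
            continue  # unparsable line or a client we are not watching
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        if ts > last_seen.get(m["ip"], datetime.min):
            last_seen[m["ip"]] = ts
    return sorted(
        ip for ip in monitored if now - last_seen.get(ip, datetime.min) > window
    )


if __name__ == "__main__":
    print("silent:", silent_clients(SAMPLE, MONITORED, NOW))
```

A monitored address that never appears in the log is reported as silent, so an empty or rotated-away file raises the alarm for every server rather than passing quietly.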



