BIND DNS Enable audit logs - Authoritative
Dave Warren
dw at thedave.ca
Fri Jan 11 19:33:17 UTC 2019
On 2019-01-11 11:55, Kevin Darcy wrote:
> I don't believe there is any logging category for this, even when zones
> are enabled for Dynamic Update, in which case the versioning is done
> automatically. There used to be a "journalprint" utility that one could
> run against the .jnl files to show the update history. But, even if the
> journaling mechanism and the "journalprint" utility still exist as I
> remember it, it would most likely only work for Dynamic-Update-enabled
> zones. I don't believe .jnl files are created for
> non-Dynamic-Update-enabled zones, although I could be wrong on that --
> maybe named synthesizes .jnl files for purposes of IXFR (???).
Interestingly enough, it does, but with some limitations/quirks that
occasionally require you to manually delete your jnl file (and of course
force an AXFR-style IXFR transfer in these situations).
I don't recall the exact trigger; I think it related to when a zone is
updated when BIND is offline (or at least, my notes say that it happens
when the billing system removes a zone from named.conf and later re-adds
the same zone). I do have something monitoring the log to detect the
situation and clear the appropriate jnl files, such that if there are
other situations where this occurs, I wouldn't notice.