Logging on a Bind server
borjam at sarenet.es
Tue Oct 20 15:34:01 UTC 2020
> On 20 Oct 2020, at 17:28, Rick Dicaire <kritek at gmail.com> wrote:
> On Tue, Oct 20, 2020 at 10:17 AM <Senthan.Sivasundaram at szkb.ch> wrote:
> Dear BIND-Users,
> Does someone have an idea which log I have to activate?
> Do you have querylog enabled?
Querylog is not enough. It will tell you which clients are sending which queries, but not which queries
go to the Server Of Interest. It won’t log the queries the recursive server sends itself.
That’s a good use case for dnstap.
As a sort of desperate measure you can capture packets sent to the suspicious IP addresses (no need to
put the interface in promisc mode) and check which queries were sent to them.
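
An added example, not part of the original post: once dnstap output is available as text, this filter shows which names the recursive server itself asked the Server Of Interest for. It assumes the one-line summary layout of `dnstap-read` (timestamp, message type, source, direction, destination, protocol, size, qname/class/type); the sample lines and addresses are constructed, and `queries_to` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed dnstap-read summary layout.
# CQ = client query, RQ = resolver query, RR = resolver response.
SAMPLE = """\
20-Oct-2020 15:30:01.120 CQ 10.1.1.25:51514 -> 10.1.1.2:53 UDP 45b www.example.com/IN/A
20-Oct-2020 15:30:01.121 RQ 10.1.1.2:40112 -> 198.51.100.7:53 UDP 45b www.example.com/IN/A
20-Oct-2020 15:30:01.180 RR 10.1.1.2:40112 <- 198.51.100.7:53 UDP 61b www.example.com/IN/A
20-Oct-2020 15:30:02.300 RQ 10.1.1.2:33871 -> 192.0.2.53:53 UDP 40b example.net/IN/NS
20-Oct-2020 15:30:03.410 RQ 10.1.1.2:47002 -> 198.51.100.7:53 TCP 52b mail.example.com/IN/MX
20-Oct-2020 15:30:03.411 RQ 10.1.1.2:47003 -> 198.51.100.7:53 UDP 45b WWW.example.com/IN/A
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<type>[A-Z]{2}) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dir>->|<-) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<proto>UDP|TCP) (?P<size>\d+)b "
    r"(?P<qname>[^/\s]+)/(?P<qclass>[^/\s]+)/(?P<qtype>\S+)$"
)

def queries_to(servers, text, msg_types=("RQ", "FQ")):
    """Count (server, qname, qtype) for queries the recursive server sent.

    Only resolver (RQ) and forwarder (FQ) queries are kept by default:
    client queries (CQ) are what querylog already records and do not
    show which upstream server was contacted.
    """
    hits = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        if m["type"] not in msg_types or m["dir"] != "->":
            continue
        if m["dst"] in servers:
            # DNS names are case-insensitive; normalise before counting.
            qname = m["qname"].lower().rstrip(".") or "."
            hits[(m["dst"], qname, m["qtype"])] += 1
    return hits

if __name__ == "__main__":
    suspicious = {"198.51.100.7"}  # constructed address standing in for the server of interest
    for (server, qname, qtype), n in queries_to(suspicious, SAMPLE).most_common():
        print(f"{n:4d}  {server}  {qname}  {qtype}")
```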