dnstap shows little logging at debug 10

Adam Augustine augustineas at gmail.com
Mon Mar 1 23:30:56 UTC 2021

 I can't seem to get any debug information out of BIND for troubleshooting
a dnstap problem I am having.

I have a CentOS 8.3.2011 VM with the COPR packages installed.

My /etc/opt/isc/scls/isc-bind/named.conf :
options {
        directory "/var/opt/isc/scls/isc-bind/named/data";
        listen-on { any; };
        listen-on-v6 { any; };
        dnssec-validation auto;
        dnstap {all;};
//      dnstap-output unix
        dnstap-output unix
        dnstap-identity "dnstap01.ldschurch.org";
        dnstap-version "bind-9.16.12";

logging {
     channel dnstap_log {
          file "/var/opt/isc/scls/isc-bind/log/named/dnstap" versions 3
size 20m;
          print-time yes;
          print-category yes;
          print-severity yes;
          severity debug 10;
     category dnstap { dnstap_log; default_debug; };

On startup, the /var/opt/isc/scls/isc-bind/log/named/dnstap file is
created, but no information is logged:

 4 -rw-r--r--. 1 named named system_u:object_r:named_log_t:s0        54 Mar
 1 16:23 dnstap

This is despite /var/log/messages having the following line:

 opening dnstap destination

Which I would have expected to see logged in
/var/opt/isc/scls/isc-bind/log/named/dnstap . On shutdown, this single
entry is logged in /var/opt/isc/scls/isc-bind/log/named/dnstap:

01-Mar-2021 16:23:31.597 dnstap: info: closing dnstap

There is nothing relevant in /var/log/audit/audit.log, so I don't think it
is SELinux related, especially since there is successful log entry on

I have tried changing the severity level from "info", to "debug 1", to
"debug 3", and then to "debug 10", but I can't seem to get any more
information out other than the single message about "closing dnstap".

Any idea what I am doing wrong?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210301/b13ae959/attachment.htm>

More information about the bind-users mailing list