ask about bind9 logging function: How can I log the service port number (eg. 53, 443, 853) in my log of `queries` category

Borja Marcos borjam at sarenet.es
Thu Dec 12 13:37:58 UTC 2024 


> On 26 Nov 2024, at 14:36, Petr Špaček <pspacek at isc.org> wrote:
> 
> On 26. 11. 24 10:08, n/a via bind-users wrote:
>> I am a new user in bind9.
>> I have setup my DNS server with port 53, port 443 (DoH), and port 853 (DoT). And now, in my logging file of `queries` category, one query example shows as below:
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 111.11.11.109#61713 (ust.hk <http://ust.hk/>): query:ust.hk <http:// ust.hk/>IN A +E(0)TK (111.111.111.999)
>> For the|queries|​ log like this, how can I print the service port number used by the client? For example, for this|queries|​ log, what I want to get is with the service port number as below:
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 111.11.11.109#61713 (ust.hk <http://ust.hk/>): query:ust.hk <http:// ust.hk/>IN A +E(0)TK (111.111.111.999#443)
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 111.11.11.109#61713 (ust.hk <http://ust.hk/>): query:ust.hk <http:// ust.hk/>IN A +E(0)TK (111.111.111.999#853)
>> 26-Nov-2024 03:55:41.524 queries: info: client @0x7f21ba9b3000 111.11.11.109#61713 (ust.hk <http://ust.hk/>): query:ust.hk <http:// ust.hk/>IN A +E(0)K (111.111.111.999#53)
>> How should I set up the logging config options to log the service port number?
>> I have searched for this question on Google, and asked ChatGPT, but I only got answers to use other tools, like tcpdump. Is it possible to just config bind9 named.conf.* for this?
> 
> Currently this is not possible, but I guess it is a legit feature request.
> 
> Please log it formally at
> https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issuable_template=Feature_Request
> 
> and we will have to find out if this is an 'incompatible' change or not. I don't know how many people rely on precise query log format, and if we decide that it is an incompatible change we will have to put this into 9.21 branch only.

You can do an ugly hack. 

I think you can define different views associated to those service port numbers? In that case the query log line will include the view name.





Borja.

More information about the bind-users mailing list