Where are ISC docs for log file codings?
Brett Delmage
Brett at BrettDelmage.ca
Mon Mar 3 19:45:34 UTC 2025
On Mon, 3 Mar 2025, Michael Richardson wrote:
> Brett Delmage via bind-users <bind-users at lists.isc.org> wrote:
> > Specifically for me now that's the query log including the flags. But it
> > could be other log files too at times. I am running DNSSEC and primary,
> > secondary, and internal resolving servers so many logs are of interest at
> > different times.
>
> If you are having DNSSEC problems, then you may find
> https://dnsviz.net/d/brettdelmage.ca/dnssec/
>
> useful. BTW: I don't see anything wrong there.
> Are you having problems with others resolving your domain, or problems with
> another domain?
Thanks. I was actually just trying to debug acme.sh DNS-01 cert
generation. Cert gen works fine with the the LE test/staging server but
unreliably with the real LE server.
While debugging I realized I was not 100% certain on the flags and other
fields in the query log and sought to expand my knowledge. I know the
flags field corresponds to flags in the DNS protocol and dig man
page, but I'm only guessing the query log's single-character
representation, and some other fields.
It seems to me that it would be useful for ISC to have a page explaining
the log file formats, if I have simply not found it. I searched this
list's archives before posting, too.
(I think the LE server DNS-01 authentication query may not be reaching my
BIND server due to some very heavy packet filtering I use. So I was
debugging that using multitail on both update.log and query.log to watch
the DNS action. acme.sh DNS-01 challenges have worked fine for me for
years on various servers so something has changed or I am making a stupid
mistake. But that's not BIND-related. Anyone know the best forum for
asking an acme.sh question?)
Brett
More information about the bind-users
mailing list