That seems interesting. I will look into that if I can't get bind's built-in logging system to do what I want.<br><br>thanks,<br>-wes<br><br><div class="gmail_quote">On Fri, Nov 28, 2008 at 11:23 AM, ivan jr sy <span dir="ltr"><<a href="mailto:ivan_jr@yahoo.com">ivan_jr@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
and why not use..<br>
<a href="https://www.dns-oarc.net/tools/dnscap" target="_blank">https://www.dns-oarc.net/tools/dnscap</a><br>
<br>
dnscap -m q -e y -c 100 -w /path/file<br>
<br>
captures:<br>
- queries only<br>
- errors only<br>
- after 100 packets where conditions are met<br>
- write it to a file..<br>
<br>
<br>
Enjoy!<br>
<br>
--- On Sat, 11/29/08, ivan jr sy <<a href="mailto:ivan_jr@yahoo.com">ivan_jr@yahoo.com</a>> wrote:<br>
<br>
> From: ivan jr sy <<a href="mailto:ivan_jr@yahoo.com">ivan_jr@yahoo.com</a>><br>
> Subject: Re: logging query results<br>
> To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>, "wes" <<a href="mailto:bind@the-wes.com">bind@the-wes.com</a>><br>
> Date: Saturday, November 29, 2008, 7:56 AM<br>
<div><div></div><div class="Wj3C7c">> looks like an OK config for me.<br>
> - you should be able to view the name being queried and<br>
> from what source IP<br>
> - debug10 = view the actual query (similar to dig)<br>
> so you can grep the NXDOMAIN or the ANSWER<br>
><br>
> are you able to view the log file? did it log the start-up<br>
> processes of BIND? you should be able to see tons and tons<br>
> of log messages even just on startup of named.<br>
><br>
> note that logging queries will significantly impact the<br>
> query response rate of the server. it's a no-no for<br>
> production. on the other hand, your tcpdump script sounds<br>
> elegant...<br>
><br>
><br>
> --- On Sat, 11/29/08, wes <<a href="mailto:bind@the-wes.com">bind@the-wes.com</a>> wrote:<br>
><br>
> > From: wes <<a href="mailto:bind@the-wes.com">bind@the-wes.com</a>><br>
> > Subject: logging query results<br>
> > To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> > Date: Saturday, November 29, 2008, 7:08 AM<br>
> > I would like to know if it's possible to log the output<br>
> > of each dns query.<br>
> > I'd like to do this to catch failed queries so I can<br>
> > see what people are<br>
> > looking for, and not finding, and add it for them if it<br>
> > should be there. I<br>
> > recently lost my old dns server so I have to start from<br>
> > scratch.<br>
> ><br>
> > This is my current logging configuration:<br>
> ><br>
> > logging {<br>
> > channel log {<br>
> > file "/var/log/named/named.log"<br>
> > versions 10<br>
> > size 100m;<br>
> > severity debug 9999;<br>
> > print-time yes;<br>
> > print-severity yes;<br>
> > print-category yes;<br>
> > };<br>
> > category default { log; };<br>
> > category queries { log; };<br>
> > };<br>
> ><br>
> > as far as I can tell, this is set up to log everything<br>
> > ever. but, I still<br>
> > don't get the actual query result in the log. Is there<br>
> > a way to do this?<br>
> ><br>
> > If not, that's ok, I'll set up a tcpdump script to<br>
> > do it. but I thought I<br>
> > would make sure there isn't a built-in method in bind<br>
> > first.<br>
> ><br>
> > thanks for any advice.<br>
> ><br>
> > -wes<br>
> > _______________________________________________<br>
> > bind-users mailing list<br>
> > <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> > <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
><br>
<br>
<br>
<br>
</div></div></blockquote></div><br>
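An added example, not part of the original messages: the outcome of a lookup is carried in the RCODE field of the response packet, so a capture-based approach like the ones discussed in this thread comes down to pairing each response's question name with its RCODE. This Python code does that over raw DNS message payloads; pulling the payloads out of a capture file is assumed to happen elsewhere, and the function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_response(msg):
    """Return (qname, rcode) for a DNS response; None for queries or bad input."""
    if len(msg) < 12:
        return None                       # shorter than the fixed 12-byte header
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & 0x8000 or qdcount < 1:
        return None                       # QR bit clear: a query, no result yet
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None                   # name runs past the end of the packet
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0 or pos + 1 + length > len(msg):
            return None                   # pointer/reserved bits or truncated label
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    rcode = flags & 0x000F                # RCODE is the low 4 bits of the flags word
    return ".".join(labels) + ".", RCODES.get(rcode, "RCODE%d" % rcode)

def failed_lookups(messages):
    """Count (qname, rcode) pairs for every response that is not NOERROR."""
    tally = Counter()
    for msg in messages:
        parsed = parse_response(msg)
        if parsed and parsed[1] != "NOERROR":
            tally[parsed] += 1
    return tally

def make_sample(name, rcode, response=True):
    """Build a constructed DNS message with one A/IN question (demo input only)."""
    flags = (0x8000 if response else 0) | 0x0100 | rcode
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

# Constructed sample traffic, not taken from the thread.
SAMPLES = [make_sample("www.example.com", 0), make_sample("db.example.com", 2),
           make_sample("intranet.example.com", 3), make_sample("intranet.example.com", 3),
           make_sample("Wiki.example.com", 3),
           make_sample("intranet.example.com", 0, response=False), b"\x00\x01"]

if __name__ == "__main__":
    for (name, rcode), n in failed_lookups(SAMPLES).most_common():
        print(n, rcode, name)
```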