Good point, I had only used rndc reload to activate the changes to the conf file. The changes definitely took effect at that point, as I could then see all the debug messages in the log. But, I tried a stop && start (had to use /etc/init.d/bind9 because rndc doesn't have a start command for some reason) and I get the same behavior. Here is a sample output from 1 entire transaction. This was generated after running "host <a href="http://www.solestruck.com">www.solestruck.com</a> localhost"<br>
<br># grep <a href="http://127.0.0.1#32999">127.0.0.1#32999</a> named.log<br>28-Nov-2008 11:48:53.063 general: debug 60: socket 0xb7f2f148 <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: packet received correctly<br>
28-Nov-2008 11:48:53.063 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: UDP request<br>28-Nov-2008 11:48:53.063 client: debug 5: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: using view '_default'<br>
28-Nov-2008 11:48:53.063 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: request is not signed<br>28-Nov-2008 11:48:53.063 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: recursion available<br>
28-Nov-2008 11:48:53.063 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query<br>28-Nov-2008 11:48:53.064 queries: info: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query: <a href="http://www.solestruck.com">www.solestruck.com</a> IN A +<br>
28-Nov-2008 11:48:53.064 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_attach: ref = 1<br>28-Nov-2008 11:48:53.064 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query '<a href="http://www.solestruck.com/A/IN">www.solestruck.com/A/IN</a>' approved<br>
28-Nov-2008 11:48:53.064 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: send<br>28-Nov-2008 11:48:53.064 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: sendto<br>
28-Nov-2008 11:48:53.064 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: senddone<br>28-Nov-2008 11:48:53.064 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: next<br>
28-Nov-2008 11:48:53.064 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_detach: ref = 0<br>28-Nov-2008 11:48:53.064 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: endrequest<br>
28-Nov-2008 11:48:53.065 general: debug 60: socket 0xb7f2f148 <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: packet received correctly<br>28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: UDP request<br>
28-Nov-2008 11:48:53.065 client: debug 5: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: using view '_default'<br>28-Nov-2008 11:48:53.065 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: request is not signed<br>
28-Nov-2008 11:48:53.065 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: recursion available<br>28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query<br>
28-Nov-2008 11:48:53.065 queries: info: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query: <a href="http://www.solestruck.com">www.solestruck.com</a> IN AAAA +<br>28-Nov-2008 11:48:53.065 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_attach: ref = 1<br>
28-Nov-2008 11:48:53.065 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query '<a href="http://www.solestruck.com/AAAA/IN">www.solestruck.com/AAAA/IN</a>' approved<br>28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: send<br>
28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: sendto<br>28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: senddone<br>
28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: next<br>28-Nov-2008 11:48:53.065 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_detach: ref = 0<br>
28-Nov-2008 11:48:53.065 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: endrequest<br>28-Nov-2008 11:48:53.066 general: debug 60: socket 0xb7f2f148 <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: packet received correctly<br>
28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: UDP request<br>28-Nov-2008 11:48:53.066 client: debug 5: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: using view '_default'<br>
28-Nov-2008 11:48:53.066 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: request is not signed<br>28-Nov-2008 11:48:53.066 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: recursion available<br>
28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query<br>28-Nov-2008 11:48:53.066 queries: info: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query: <a href="http://www.solestruck.com">www.solestruck.com</a> IN MX +<br>
28-Nov-2008 11:48:53.066 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_attach: ref = 1<br>28-Nov-2008 11:48:53.066 security: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: query '<a href="http://www.solestruck.com/MX/IN">www.solestruck.com/MX/IN</a>' approved<br>
28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: send<br>28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: sendto<br>
28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: senddone<br>28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: next<br>
28-Nov-2008 11:48:53.066 client: debug 10: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: ns_client_detach: ref = 0<br>28-Nov-2008 11:48:53.066 client: debug 3: client <a href="http://127.0.0.1#32999">127.0.0.1#32999</a>: endrequest<br>
<br>thanks for the pointer. Any other ideas?<br><br>-wes<br><br><div class="gmail_quote">On Fri, Nov 28, 2008 at 10:31 AM, Ben Croswell <span dir="ltr"><<a href="mailto:ben.croswell@gmail.com">ben.croswell@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">If you didn't actually do a stop and start, you may want to do that or an rndc query to kickstart the query logs.<br>
<br><br><div class="gmail_quote"><div><div></div><div class="Wj3C7c">On Fri, Nov 28, 2008 at 1:08 PM, wes <span dir="ltr"><<a href="mailto:bind@the-wes.com" target="_blank">bind@the-wes.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="Wj3C7c">I would like to know if it's possible to log the output of each dns query. I'd like to do this to catch failed queries so I can see what people are looking for, and not finding, and add it for them if it should be there. I recently lost my old dns server so I have to start from scratch.<br>
<br>This is my current logging configuration:<br><br>logging {<br> channel log {<br> file "/var/log/named/named.log"<br> versions 10<br> size 100m;<br> severity debug 9999;<br>
print-time yes;<br> print-severity yes;<br> print-category yes;<br> };<br> category default { log; };<br> category queries { log; };<br>};<br><br>as far as I can tell, this is set up to log everything ever. but, I still don't get the actual query result in the log. Is there a way to do this?<br>
<br>If not, that's ok, I'll set up a tcpdump script to do it. but I thought I would make sure there isn't a built-in method in bind first.<br><br>thanks for any advice.<br><font color="#888888"><br>-wes<br>
</font><br></div></div>_______________________________________________<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div><br><br clear="all"><br>-- <br><font color="#888888">-Ben Croswell<br>
</font></blockquote></div><br>