Bind Named DNS - Getting Starting with Logging
by
Jeremy Canfield |
Updated: August 05 2021
| Bind Named DNS articles
By default, /etc/named.conf should have the following logging block.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
This will append events to the named.run file, which is typically located at /var/named/data/named.run. Here is a sampling of what could be in the named.run file.
managed-keys-zone: loaded serial 1395
zone 0.in-addr.arpa/IN: loaded serial 0
zone localhost.localdomain/IN: loaded serial 0
zone example.com/IN: loaded serial 2016032200
zone 0.168.192.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone software.eng.us/IN: loaded serial 2016032200
zone localhost/IN: loaded serial 0
all zones loaded
running
error (unexpected RCODE REFUSED) resolving '108.134.55.202.in-addr.arpa/PTR/IN': 203.128.246.10#53
clients-per-query increased to 15
clients-per-query decreased to 14
Let's store the named logs in files below /var/log/named.
mkdir /var/log/named
chown named /var/log/named
chgrp named /var/log/named
Then update the logging block in /etc/named.conf to have the following.
logging {
channel default_file {
file "/var/log/named/default.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel general_file {
file "/var/log/named/general.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel database_file {
file "/var/log/named/database.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel security_file {
file "/var/log/named/security.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel config_file {
file "/var/log/named/config.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel resolver_file {
file "/var/log/named/resolver.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-in_file {
file "/var/log/named/xfer-in.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel xfer-out_file {
file "/var/log/named/xfer-out.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel notify_file {
file "/var/log/named/notify.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel client_file {
file "/var/log/named/client.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel unmatched_file {
file "/var/log/named/unmatched.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel queries_file {
file "/var/log/named/queries.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel network_file {
file "/var/log/named/network.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel update_file {
file "/var/log/named/update.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dispatch_file {
file "/var/log/named/dispatch.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel dnssec_file {
file "/var/log/named/dnssec.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
channel lame-servers_file {
file "/var/log/named/lame-servers.log" versions 3 size 5m;
severity dynamic;
print-time yes;
};
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
And restart named for this change to take effect.
systemctl restart named
The /var/log/named/general.log should now contain something like this.
05-Aug-2021 08:06:08.796 managed-keys-zone: journal file is out of date: removing journal file
05-Aug-2021 08:06:08.796 managed-keys-zone: loaded serial 1398
05-Aug-2021 08:06:08.796 zone 0.in-addr.arpa/IN: loaded serial 0
05-Aug-2021 08:06:08.797 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
05-Aug-2021 08:06:08.798 zone software.eng.us/IN: loaded serial 2016032200
05-Aug-2021 08:06:08.799 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
05-Aug-2021 08:06:08.799 zone localhost.localdomain/IN: loaded serial 0
05-Aug-2021 08:06:08.799 zone example.com/IN: loaded serial 2016032200
05-Aug-2021 08:06:08.799 zone localhost/IN: loaded serial 0
05-Aug-2021 08:06:08.800 zone 0.168.192.in-addr.arpa/IN: loaded serial 0
05-Aug-2021 08:06:08.800 all zones loaded
05-Aug-2021 08:06:08.800 running
Did you find this article helpful?
If so, consider buying me a coffee over at