Bind Named DNS - Append DNS queries to /var/log/message with Bind
by
Jeremy Canfield |
Updated: August 05 2021
| Bind Named DNS articles
By default, BIND will not append DNS queries to /var/log/messages. First, you are going to want to determine if you are using version 8 or version 9 of Bind.
named -v
If you are using version 8 of Bind, issue this command to append DNS queries to /var/log/messages.
ndc querylog
If you are using version 9 of Bind, issue this command to append DNS queries to /var/log/messages.
rndc querylog
The following should be displayed in /var/log/messages.
Aug 30 06:28:35 dns1 named[1099]: received control channel command 'querylog'
Aug 30 06:28:35 dns1 named[1099]: query logging is now on
Likewise, once there is a DNS query, /var/log/messages should have something like this.
Aug 30 06:28:45 dns1 named[1099]: client 192.168.0.15#37974 (server1.example.com): query: server1.example.com IN A + (192.168.0.6)
Aug 30 06:28:45 dns1 named[1099]: client 192.168.0.15#37974 (server1.example.com): query: server1.example.com IN AAAA + (192.168.0.6)
Disable query log
You simply reissue the querylog command to no long append DNS queries to /var/log/messages.
Version 8 of Bind.
ndc querylog
Version 9 of Bind.
rndc querylog
The following should be display in /var/log/messages.
Aug 30 06:31:39 dns1 named[1099]: received control channel command 'querylog'
Aug 30 06:31:39 dns1 named[1099]: query logging is now off
Did you find this article helpful?
If so, consider buying me a coffee over at