BIND 9.2.1 more verbose logging of query (cache) denied
Jacob Anawalt
jacob at cachevalley.com
Thu Feb 26 21:35:17 UTC 2004
Greetings,

I am working with a couple name servers running BIND 9.2.1. I've
configured the options section to only accept queries from my internal
network, then I've configured the zone entries for each zone to allow
queries from any server. Since doing that I have of course seen the
logging of "query (cache) denied".

I have learned how through channels I can turn on logging of all
queries, or suppress the messages of level info or lower on the security
class.

It seems that logging all queries requires a restart of named instead of
just a reload if I didn't start with that channel defined in a logging
section. It is also very spammy and shows all the queries that worked.

Suppressing the "query (cache) denied" is something I want to do if I
know that all of my zones are properly configured and accounted for.
Occasionally I would like to do a quick audit and see what queries are
being denied in case I have forgotten to add a zone definition.

Is there an option that I've overlooked that would turn "query (cache)
denied" into "query (cache) denied for <query> from <ip>" without
hacking it in and recompiling?

I was hoping that changing the debug level to 1 or 2 would do this, but
extra information is not added until I get to debug level 3 and then it
is more than I need and doesn't contain the "for <query>" information
I'm looking for. I have tried various combinations of setting named's
debug level and the log severity level.

Parts of named.conf:
---
options {
    directory "/var/named";
    allow-query { 127.0.0.1; 192.168/16; };
    allow-transfer { none; };
};

logging {
    category lame-servers { null; };
    category security { "notice_syslog"; };

    channel "debug" {
        file "/tmp/nameddbg" versions 2 size 50m;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel "security_debug" {
        file "/tmp/namedsec" versions 2 size 50m;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel "notice_syslog" {
        syslog daemon;
        severity notice;
    };
};

zone "anawalt.org" {
    type slave;
    file "anawalt.org";
    allow-query { any; };
    allow-transfer { none; };
    masters {
        192.168.0.7;
    };
};
---
Thank you for your time and thoughts.
Jacob Anawalt