BIND 9.2.1 more verbose logging of query (cache) denied

Jacob Anawalt jacob at cachevalley.com
Thu Feb 26 21:35:17 UTC 2004


Greetings,

I am working with a couple name servers running BIND 9.2.1. I've 
configured the options section to only accept queries from my internal 
network, then I've configured the zone entries for each zone to allow 
queries from any server. Since doing that I have of course seen the 
logging of "query (cache) denied".

I have learned how through channels I can turn on logging of all 
queries, or suppress the messages of level info or lower on the security 
class.

It seems that logging all queries requires a restart of named instead of 
just a reload if I didn't start with that channel defined in a logging 
section. It is also very spammy and shows all the queries that worked.

Suppressing the "query (cache) denied" is something I want to do if I 
know that all of my zones are properly configured and accounted for. 
Occasionally I would like to do a quick audit and see what queries are 
being denied in case I have forgotten to add a zone definition.

Is there an option that I've overlooked that would turn "query (cache) 
denied" into "query (cache) denied for <query> from <ip>" without 
hacking it in and recompiling?

I was hoping that changing the debug level to 1 or 2 would do this, but 
extra information is not added until I get to debug level 3 and then it 
is more than I need and doesn't contain the "for <query>" information 
I'm looking for. I have tried various combinations of setting named's 
debug level and the log severity level.

Parts of named.conf:
---
options {
         directory "/var/named";
         allow-query {127.0.0.1; 192.168/16; };
         allow-transfer { none; };
};

logging {
         category lame-servers { null; };
         category security { "notice_syslog"; };
         channel "debug" {
                 file "/tmp/nameddbg" versions 2 size 50m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
         };
         channel "security_debug" {
                 file "/tmp/namedsec" versions 2 size 50m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
         };
         channel "notice_syslog" {
                 syslog daemon;
                 severity notice;
         };
};


zone "anawalt.org" {
    type slave;
    file "anawalt.org";
    allow-query { any; };
    allow-transfer { none; };
    masters {
       192.168.0.7;
    };
};
---

Thank you for your time and thoughts.

Jacob Anawalt
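The quick audit the post asks for, as an added example that is not part of the original message and not BIND's own code: a Python script that tallies the security-category lines named writes to a file channel like the "security_debug" channel shown above (print-time, print-category and print-severity on). The quoted 'name/type/class' form is what later BIND releases log; 9.2.1, as the post notes, omits the name, so those entries are counted under "?". The log lines are constructed.

```python
import re
from collections import Counter

# Matches the security-category message named writes for a refused query.
# BIND 9.2 logs only the client address; later releases add 'name/type/class'.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"query \((?P<kind>cache|zone)\)"
    r"(?: '(?P<name>[^/']+)/(?P<rtype>[^/']+)/(?P<rclass>[^']+)')? denied"
)

def parse_denied(lines):
    """Yield one dict per 'query (...) denied' line; other lines are skipped."""
    for line in lines:
        m = DENIED_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines):
    """Count denials per client IP and per queried name ('?' when the BIND
    version did not log the name), so a forgotten zone stands out."""
    by_client = Counter()
    by_name = Counter()
    for rec in parse_denied(lines):
        by_client[rec["ip"]] += 1
        by_name[rec["name"] or "?"] += 1
    return by_client, by_name

# Constructed sample lines in the layout a channel with print-time,
# print-category and print-severity produces; not real log data.
SAMPLE_LOG = """\
26-Feb-2004 14:01:02.117 security: info: client 10.1.2.3#1025: query (cache) denied
26-Feb-2004 14:01:02.903 security: info: client 10.1.2.3#1026: query (cache) denied
26-Feb-2004 14:01:05.411 security: info: client 10.9.8.7#32771: query (cache) 'www.example.net/A/IN' denied
26-Feb-2004 14:01:07.000 security: info: client 192.168.0.7#53: transfer of 'example.org/IN': AXFR started
26-Feb-2004 14:01:09.250 security: info: client 10.9.8.7#32772: query (cache) 'www.example.net/MX/IN' denied
"""

if __name__ == "__main__":
    clients, names = summarize(SAMPLE_LOG.splitlines())
    for ip, n in clients.most_common():
        print(f"{n:5d} denials from {ip}")
    for name, n in names.most_common():
        print(f"{n:5d} for {name}")
```

Run it against the real channel file instead of SAMPLE_LOG to see which clients are hitting the cache ACL; a recurring name under the per-name tally points at a zone that is missing its own allow-query.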


