Bind 9.2.4 and logging

Henning Markussen hm at mib.dk
Wed Mar 5 19:22:40 UTC 2008


So it doesn't look like this is the way ...
Any other way to find out if it is a recursive request?

- Henning

Jeff Reasoner wrote:
> I don't know that the other categories are material to what you're
> trying to achieve. The logs will contain the source IP and query
> regardless of whether it was for in-zone (authoritative) data or
> answered out of cache.
> 
> I did the same thing last summer with 9.4.1-P1 and the following in
> named.conf:
> 
>         channel bind-queries {
>                 file "/var/log/queries.log" versions 10 size 6m;
>                 severity info;
>         };
> 
> I also did some backend scripting to pull out the unique source IPs so I
> knew who I had to contact about changes. 
> 
> On Mon, 2008-03-03 at 22:58 +0100, Henning Markussen wrote:
>> Hi
>>
>> I'm trying to close down some DNS servers that currently are open to 
>> recursive requests.
>> They are running bind 9.2.4
>>
>> In this process my plan was to determine what clients are using the 
>> servers as recursive name servers.
>>
>> I've found the category resolver, client and queries
>>
>> queries logs the queries ok - but nothing gets into the resolver or 
>> client category
>>
>> channel queries_log {
>> file "/var/log/queries.log" versions 5 size 5m;
>> print-time yes;
>> severity dynamic;
>> };
>>
>> channel resolver_log {
>> file "/var/log/resolver.log" versions 5 size 5m;
>> print-time yes;
>> severity dynamic;
>> };
>>
>> channel client_log {
>> file "/var/log/client.log" versions 5 size 5m;
>> print-time yes;
>> severity dynamic;
>> };
>>
>> category client { client_log; };
>> category queries { queries_log; };
>> category resolver { resolver_log; };
>>
>> Is there a category where I can log if a request is to the authoritative 
>> or to the recursive, or am I just not using the categories correctly?
>>
>> Thank you for any input or ideas
>>
>> - Henning
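
The "backend scripting to pull out the unique source IPs" mentioned in the quoted reply could look like the following; this is an added example, not code from the thread or from BIND. It assumes the query-log line format documented for BIND 9.4 and later, where a `+` or `-` after the query type records whether the client set the Recursion Desired (RD) bit; lines without that marker are counted as unknown. The sample log lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
05-Mar-2008 19:01:02.123 client 192.0.2.10#32768: query: www.example.org IN A +
05-Mar-2008 19:01:03.456 client 192.0.2.10#32769: query: mail.example.org IN MX +
05-Mar-2008 19:01:04.001 client 198.51.100.7#53211: query: ns1.example.com IN A -
05-Mar-2008 19:01:05.250 client 2001:db8::53#40000: query: example.net IN AAAA +E
05-Mar-2008 19:01:06.000 client 203.0.113.9#1025: query: example.com IN SOA
05-Mar-2008 19:01:07.000 zone example.com/IN: loaded serial 2008030501
"""

# Assumed line shape: "client <ip>#<port>: [view <v>: ]query: <name> <class> <type> [flags]"
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f:.]+)#\d+:(?: view \S+:)? query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)(?: (?P<flags>[+-]\S*))?"
)


def summarize_clients(lines):
    """Return {client_ip: {"rd": n, "no_rd": n, "unknown": n}} for query lines."""
    stats = defaultdict(lambda: {"rd": 0, "no_rd": 0, "unknown": 0})
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line (zone loads, notifies, ...)
        flags = m.group("flags")
        if flags is None:
            bucket = "unknown"  # log format without the RD marker
        elif flags.startswith("+"):
            bucket = "rd"       # client asked for recursion
        else:
            bucket = "no_rd"    # iterative query, e.g. from another resolver
        stats[m.group("ip")][bucket] += 1
    return dict(stats)


def recursive_clients(lines):
    """Sorted source IPs that sent at least one query with RD set."""
    return sorted(ip for ip, s in summarize_clients(lines).items() if s["rd"])


if __name__ == "__main__":
    for ip, counts in sorted(summarize_clients(SAMPLE_LOG.splitlines()).items()):
        print(ip, counts)
```

A source that only ever appears in the `no_rd` column is most likely another name server querying the authoritative zones, while sources with `rd` counts are the clients to contact before recursion is closed.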


More information about the bind-users mailing list