logging query results

ivan jr sy ivan_jr at yahoo.com
Fri Nov 28 19:23:44 UTC 2008 

and why not use..
https://www.dns-oarc.net/tools/dnscap

dnscap -m q -e y -c 100 -w /path/file

captures:
- queries only
- errors only
- after 100 packets where conditions are met
- write it to a file..


Enjoy!

--- On Sat, 11/29/08, ivan jr sy <ivan_jr at yahoo.com> wrote:

> From: ivan jr sy <ivan_jr at yahoo.com>
> Subject: Re: logging query results
> To: bind-users at lists.isc.org, "wes" <bind at the-wes.com>
> Date: Saturday, November 29, 2008, 7:56 AM
> looks like an OK config for me.
> - you should be able to view the name being queried and
> from what source IP
> - debug10 = view the actual query (similar to dig)
> so you can grep the NXDOMAIN or the ANSWER
> 
> are you able to view the log file? did it log the start-up
> processes of BIND? you should be able to see tons and tons
> of log messages even just on startup of named.
> 
> note that logging queries will significantly impact the
> query response rate of the server. its a no no for
> production. on the other hand, your tcpdump script sounds
> elegant...
> 
> 
> --- On Sat, 11/29/08, wes <bind at the-wes.com> wrote:
> 
> > From: wes <bind at the-wes.com>
> > Subject: logging query results
> > To: bind-users at lists.isc.org
> > Date: Saturday, November 29, 2008, 7:08 AM
> > I would like to know if it's possible to log the
> output
> > of each dns query.
> > I'd like to do this to catch failed queries so I
> can
> > see what people are
> > looking for, and not finding, and add it for them if
> it
> > should be there. I
> > recently lost my old dns server so I have to start
> from
> > scratch.
> > 
> > This is my current logging configuration:
> > 
> > logging {
> >     channel log {
> >        file "/var/log/named/named.log"
> >             versions 10
> >             size 100m;
> >        severity debug 9999;
> >        print-time yes;
> >        print-severity yes;
> >        print-category yes;
> >     };
> >     category default { log; };
> >     category queries { log; };
> > };
> > 
> > as far as I can tell, this is set up to log everything
> > ever. but, I still
> > don't get the actual query result in the log. Is
> there
> > a way to do this?
> > 
> > If not, that's ok, I'll set up a tcpdump
> script to
> > do it. but I thought I
> > would make sure there isn't a built-in method in
> bind
> > first.
> > 
> > thanks for any advice.
> > 
> > -wes
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
> 
>       
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list