BIND DNS Enable audit logs - Authoritative
Tony Finch
dot at dotat.at
Tue Jan 8 12:05:10 UTC 2019
Daniel Dawalibi <daniel.dawalibi at idm.net.lb> wrote:
>
> Is it possible to enable the audit logs on BIND DNS so we can track changes
> performed on the DNS records level (Add/Delete/Modify A,MX,NS,. records)?
You can get that by default, depending on how the changes were performed.
If you use `nsupdate` or some other dynamic DNS UPDATE client, `named`
will log changes like this ...
08-Jan-2019 11:55:09.826 update: info:
client @0x55b747f47ec0 ::1#5685/key local-ddns:
updating zone 'private.cam.ac.uk/IN':
adding an RR at 'private.cam.ac.uk' SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546948509 1800 900 604800 3600
08-Jan-2019 11:55:09.826 update: info:
client @0x55b747f47ec0 ::1#5685/key local-ddns:
updating zone 'private.cam.ac.uk/IN':
adding an RR at 'QQQQ.lcil.private.cam.ac.uk' A 172.22.QQ.QQ
The changes are also recorded in the zone's journal, which you can extract
like:
$ named-journalprint /home/named/zone/private.cam.ac.uk.jnl
[...]
del private.cam.ac.uk. 3600 IN SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546944908 1800 900 604800 3600
add private.cam.ac.uk. 3600 IN SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546948509 1800 900 604800 3600
add QQQQ.lcil.private.cam.ac.uk. 3600 IN A 172.22.QQ.QQ
You might want to use the `ixfr-from-differences` and `max-journal-size`
options if you care about preserving journal contents.
Alternatively, keep your zone contents in `git` or a database that keeps
an audit log :-)
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Mull of Galloway to Mull of Kintyre including the Firth of Clyde and North
Channel: Northwesterly 4 or 5, occasionally 6 at first in the North Channel,
becoming variable 3 or less. Moderate, becoming smooth or slight. Occasional
rain later. Good, occasionally moderate later.
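The two record formats Tony shows above (the `update: info:` lines `named` writes for dynamic UPDATEs, and the `add`/`del` lines printed by `named-journalprint`) are simple enough to turn into structured audit records. The following is an added example, not code from the post or from BIND itself: it parses both formats, joins the wrapped log lines from the message back into the single-line form `named` actually emits, and picks out updates that were not authenticated with a TSIG key. The sample lines are constructed from the ones in the post plus two extra entries; the two deletion message forms (`deleting rrset at`, `deleting an RR at`) and the key-less `addr#port:` client string are assumptions about BIND's wording, as is the hypothetical `192.0.2.10` client.

```python
"""Parse BIND 'update' log lines and named-journalprint output into audit
records (added example; not code from the post or from BIND)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the two lines from the post, joined onto one line each
# as named writes them, plus a constructed key-authenticated deletion and a
# constructed update from a client that presented no TSIG key (assumed format).
SAMPLE_UPDATE_LOG = """\
08-Jan-2019 11:55:09.826 update: info: client @0x55b747f47ec0 ::1#5685/key local-ddns: updating zone 'private.cam.ac.uk/IN': adding an RR at 'private.cam.ac.uk' SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546948509 1800 900 604800 3600
08-Jan-2019 11:55:09.826 update: info: client @0x55b747f47ec0 ::1#5685/key local-ddns: updating zone 'private.cam.ac.uk/IN': adding an RR at 'QQQQ.lcil.private.cam.ac.uk' A 172.22.QQ.QQ
08-Jan-2019 11:57:01.002 update: info: client @0x55b747f47ec0 ::1#5691/key local-ddns: updating zone 'private.cam.ac.uk/IN': deleting rrset at 'old.lcil.private.cam.ac.uk' A
08-Jan-2019 12:01:44.310 update: info: client @0x55b747f47ec0 192.0.2.10#40001: updating zone 'private.cam.ac.uk/IN': adding an RR at 'rogue.lcil.private.cam.ac.uk' A 192.0.2.99
"""

# Constructed sample of named-journalprint output (the three lines from the post).
SAMPLE_JOURNAL = """\
del private.cam.ac.uk. 3600 IN SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546944908 1800 900 604800 3600
add private.cam.ac.uk. 3600 IN SOA primary.dns.cam.ac.uk. hostmaster.cam.ac.uk. 1546948509 1800 900 604800 3600
add QQQQ.lcil.private.cam.ac.uk. 3600 IN A 172.22.QQ.QQ
"""

# Fixed prefix of every dynamic-update log line:
#   <date> <time> update: info: client @<ptr> <addr>#<port>[/key <name>]: updating zone '<zone>': <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) update: info: "
    r"client @0x[0-9a-f]+ (?P<addr>\S+)#(?P<port>\d+)(?:/key (?P<key>[^\s:]+))?: "
    r"updating zone '(?P<zone>[^']+)': (?P<msg>.*)$"
)
# Message forms. "adding an RR at" is shown in the post; the two deletion forms
# are assumed from BIND's update messages.
MSG_RES = [
    ("add", re.compile(r"adding an RR at '(?P<name>[^']+)' (?P<type>\S+) ?(?P<rdata>.*)")),
    ("del", re.compile(r"deleting rrset at '(?P<name>[^']+)' (?P<type>\S+)(?P<rdata>)")),
    ("del", re.compile(r"deleting an RR at '?(?P<name>[^' ]+)'? (?P<type>\S+) ?(?P<rdata>.*)")),
]


@dataclass
class AuditRecord:
    ts: str
    addr: str
    key: Optional[str]  # TSIG key name; None when the update carried no key
    zone: str
    action: str         # "add" or "del"
    name: str
    rtype: str
    rdata: str


def parse_update_log(text: str) -> List[AuditRecord]:
    """Return one AuditRecord per recognised dynamic-update log line."""
    records: List[AuditRecord] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # some other log category, or a line we do not understand
        for action, rx in MSG_RES:
            mm = rx.match(m["msg"])
            if mm:
                records.append(AuditRecord(m["ts"], m["addr"], m["key"], m["zone"], action,
                                           mm["name"], mm["type"], mm["rdata"].strip()))
                break
    return records


@dataclass
class JournalChange:
    action: str  # "add" or "del"
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_journalprint(text: str) -> List[JournalChange]:
    """Parse 'add|del <name> <ttl> IN <type> <rdata>' lines from named-journalprint."""
    changes: List[JournalChange] = []
    for line in text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 5 or parts[0] not in ("add", "del") or parts[3] != "IN":
            continue  # the '[...]' elision and anything that is not a change line
        changes.append(JournalChange(parts[0], parts[1], int(parts[2]), parts[4],
                                     parts[5] if len(parts) > 5 else ""))
    return changes


def unauthenticated(records: List[AuditRecord]) -> List[AuditRecord]:
    """Updates accepted without a TSIG key: worth reviewing, since only the
    source address (not a secret) authorised them."""
    return [r for r in records if r.key is None]


if __name__ == "__main__":
    for r in parse_update_log(SAMPLE_UPDATE_LOG):
        print(f"{r.ts} {r.zone} {r.action} {r.name} {r.rtype} {r.rdata} by {r.addr} key={r.key}")
    for c in parse_journalprint(SAMPLE_JOURNAL):
        print(f"journal {c.action} {c.name} {c.rtype} {c.rdata}")
    for r in unauthenticated(parse_update_log(SAMPLE_UPDATE_LOG)):
        print(f"REVIEW: unauthenticated update from {r.addr}: {r.action} {r.name} {r.rtype}")
```

The journal parser and the log parser are kept separate because they answer different questions: the log says who changed what (client address and key name), while the journal is the authoritative list of what actually changed, including the SOA serial bump, and survives only as long as `max-journal-size` lets it.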