BIND DNS Enable audit logs - Authoritative
Chris Buxton
clists at buxtonfamily.us
Fri Jan 11 19:51:43 UTC 2019
>
> On Jan 11, 2019, at 11:33 AM, Dave Warren <dw at thedave.ca> wrote:
>
> On 2019-01-11 11:55, Kevin Darcy wrote:
>> I don't believe there is any logging category for this, even when zones are enabled for Dynamic Update, in which case the versioning is done automatically. There used to be a "journalprint" utility that one could run against the .jnl files to show the update history. But, even if the journaling mechanism and the "journalprint" utility still exist as I remember it, it would most likely only work for Dynamic-Update-enabled zones. I don't believe .jnl files are created for non-Dynamic-Update-enabled zones, although I could be wrong on that -- maybe named synthesizes .jnl files for purposes of IXFR (???).
>
> Interestingly enough, it does, but with some limitations/quirks that occasionally require you to manually delete your jnl file (and of course force a AXFR-style IXFR transfer in these situations).
That makes sense, since presumably the journal could only be generated during execution of "rndc reload" or "rndc reload <zone>".
Chris
More information about the bind-users
mailing list