Logging version.bind queries only?
Doug Barton
DougB at DougBarton.net
Mon Nov 4 10:29:11 UTC 2002
On Mon, 4 Nov 2002 gschmid at notes.cc.sunysb.edu wrote:
>
> What is the minimal amount of logging required to get version.bind queries
> logged?
Create a bind zone file, and a bind zone entry in named.conf with an allow
transfer directive. Also, if you are using bind 9 then you will need a
CHAOS view, but it's not hard to do. Here is a minimally functional
configuration for bind 8:
zone file bind.db:

$TTL 1h
bind.           CHAOS SOA localhost. hostmaster.yahoo-inc.com. (
                        42 1d 12h 1w 10m )
                        ; Serial, Refresh, Retry, Expire, Neg. cache TTL
                NS      localhost.
version         TXT     "Blah"

(you should either create a localhost. zone, or change the NS and MNAME)

named.conf:

acl trusted { localhost; localnets; }; // Change this to suit

zone "bind" chaos {
        type master;
        file "master/bind.db";
        allow-transfer { none; };
        allow-query { trusted; };
};

Now, anyone not in the trusted acl will generate a log message when they
try to query you.
HTH,
Doug
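
Added example (not part of the original post and not BIND code): once untrusted clients are refused as described above, the resulting log messages can be tallied per source address. The two message shapes matched here are assumptions modelled on BIND 8 ("unapproved query") and BIND 9 ("query ... denied") output, and the log lines are constructed samples; adjust the patterns to what your named actually writes.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not real traffic).
# The message shapes are assumptions about BIND 8 / BIND 9 log output.
SAMPLE_LOG = """\
Nov  4 10:31:02 ns1 named[212]: unapproved query from [192.0.2.77].4021 for "version.bind"
Nov  4 10:31:09 ns1 named[212]: unapproved query from [192.0.2.77].4022 for "VERSION.BIND"
Nov  4 10:32:40 ns1 named[212]: unapproved query from [198.51.100.9].1055 for "example.com"
Nov  4 10:35:17 ns2 named[880]: client 203.0.113.5#53124: query 'version.bind/TXT/CH' denied
Nov  4 10:36:00 ns2 named[880]: client 203.0.113.5#53125: query 'www.example.com/A/IN' denied
Nov  4 10:40:12 ns2 named[880]: client 2001:db8::15#40001: view chaos: query 'version.bind/TXT/CH' denied
"""

# BIND 8 style: unapproved query from [addr].port for "name"
BIND8 = re.compile(r'unapproved query from \[(?P<src>[^\]]+)\]\.\d+ for "(?P<name>[^"]+)"')
# BIND 9 style: client addr#port: [view x:] query 'name/TYPE/CLASS' denied
BIND9 = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9A-Fa-f.:]+)#\d+.*?"
    r"query '(?P<name>[^/']+)/[^']*' denied"
)

def denied_version_queries(lines):
    """Yield (source_address, line) for each refused version.bind query."""
    for line in lines:
        m = BIND8.search(line) or BIND9.search(line)
        # DNS names are case-insensitive; tolerate a trailing root dot.
        if m and m.group("name").rstrip(".").lower() == "version.bind":
            yield m.group("src"), line

def tally(log_text):
    """Count refused version.bind queries per source address."""
    return Counter(src for src, _ in denied_version_queries(log_text.splitlines()))

if __name__ == "__main__":
    for src, count in tally(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {src}")
```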