[Bind-users] Limited visibility

Remko Lodder remko at elvandar.org
Wed Jan 28 19:30:33 UTC 2004


*sigh* you are not an idiot, I praise you
since you DARE to ask something you don't
understand, that's good, don't feel like an idiot
ok ;)

you can use tcpdump -n -i $iface dst port 53
for hardcore dumping packages (perhaps use -X as well)

or you can add this to your named.conf

 category queries { "default_syslog"; };
in the section logging
this works for bind9

if you use bind8 you can also use ndc querylog on
to get the same

cheers



--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene 

-----Original Message-----
From: Geoff Austin [mailto:geoff at w-sys.co.uk]
Sent: Wednesday 28 January 2004 20:24
To: Remko Lodder
CC: comp-protocols-dns-bind at isc.org
Subject: RE: [Bind-users] Limited visibility


On Tue, 2004-01-27 at 19:44, Remko Lodder wrote:
> do you see any incoming packets from them?
> do you see the packets outgoing on the remote machine
> 
> do you see anything at all in your logs?
> 
> --
> 
Now I'm going to sound like an idiot, but here goes...

How would I see incoming and outgoing packets? Do I need to use
something like Ethereal? 

The only log file I can find with dns messages in is /var/log/messages.
This has startup and shutdown messages in and message pairs like:

Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34976:      
updating zone 'w-sys.co.uk/IN': update failed: 'RRset exists   (value
dependent)' prerequisite not satisfied (NXRRSET)
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34650: update
'w-sys.co.uk/IN' denied

Do I need to look somewhere else, or perhaps switch on some level of
debug?
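
Added example, not part of either message: a small Python parser for the two named message shapes quoted above from /var/log/messages, counting denied and failed dynamic updates per client and zone. The sample input is constructed (the two quoted messages rejoined onto single lines plus two made-up lines), and the names parse_line and summarize are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two messages from the post rejoined onto single
# lines, plus two constructed lines (192.0.2.7 is a documentation address).
SAMPLE = """\
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34976: updating zone 'w-sys.co.uk/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Jan 28 07:36:09 dns named[13745]: client 82.68.177.94#34650: update 'w-sys.co.uk/IN' denied
Jan 28 07:40:12 dns named[13745]: client 192.0.2.7#40112: update 'w-sys.co.uk/IN' denied
Jan 28 07:41:00 dns named[13745]: running
"""

# Syslog prefix, then "client <ip>#<port>: <message>" as in the quoted lines.
CLIENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s"
    r"client\s(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+):\s(?P<msg>.*)$"
)
DENIED = re.compile(r"^update '(?P<zone>[^']+)' denied$")
FAILED = re.compile(
    r"^updating zone '(?P<zone>[^']+)': update failed: (?P<reason>.*)$"
)

def parse_line(line):
    """Return a dict for a dynamic-update message, or None for anything else."""
    m = CLIENT.match(line.strip())
    if not m:
        return None
    for kind, pattern in (("denied", DENIED), ("failed", FAILED)):
        hit = pattern.match(m["msg"])
        if hit:
            return {"ts": m["ts"], "ip": m["ip"], "port": int(m["port"]),
                    "kind": kind, **hit.groupdict()}
    return None

def summarize(text):
    """Count denied/failed updates keyed by (client ip, zone)."""
    counts = defaultdict(lambda: {"denied": 0, "failed": 0})
    for line in text.splitlines():
        event = parse_line(line)
        if event:
            counts[(event["ip"], event["zone"])][event["kind"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for (ip, zone), c in sorted(summarize(SAMPLE).items()):
        print(f"{ip:15} {zone:16} denied={c['denied']} failed={c['failed']}")
```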





