logging on bind 9

[Jim Reid]

>>>>> "Jim" == Jim Pazarena <bind at ccstores.com> writes:

    Jim> what command/directive can I place in my conf file so that
    Jim> each and every dns request gets logged?

Enable query logging:

       logging {
		...
		
		channel query_logging {
			file "querylogs/qlog"
			versions 30 size 5M;
			/* keep up to 30 qlog files of 5 Mbytes */
			print-time yes;
        	};

	        category queries {
        	        query_logging;
        	};
	;
		
    Jim> and further, is it possible to also log when a particular
    Jim> view has been offered to the requester?

Sort of. The query logs will show the source address of the query. So
if you're using that to do view selection, the info in the logs will
tell you which view the client sees.

Here's some query log entries:

22-Feb-2005 00:56:33.855 client 195.54.233.67#50683: query: kyoto.apricot.net IN SOA +
22-Feb-2005 00:57:22.663 client 204.152.184.64#53615: query: rfc1034.net IN SOA -E
22-Feb-2005 00:57:37.662 client 204.152.184.64#53615: query: rfc1034.net IN SOA -
22-Feb-2005 00:57:53.088 client 204.152.184.64#60783: query: rfc1034.net IN IXFR -

The entries should be clear enough: the date and time the query was
received; the source IP address and port number used by the client;
and the name, class and qtype. The final field shows if the query had
the rd (recursion desired) bit set (+) or not (-) -- typically showing
if the query came from a name server or stub resolver -- or if EDNS0
(E) was used.