BIND logging to event viewer (windows)

Fri Oct 28 07:59:30 UTC 2005

Sometimes it helps to read the BIND FAQ, here's a quote:
----
Q: I get warning messages like "zone example.com/IN <http://example.com/IN>:
refresh: failure trying
master 1.2.3.4#53: timed out".

A: Check that you can make UDP queries from the slave to the master

dig +norec example.com <http://example.com> soa @1.2.3.4 <http://1.2.3.4>

You could be generating queries faster than the slave can cope with. Lower
the serial query rate.

serial-query-rate 5; // default 20
----

Replace 1.2.3.4 <http://1.2.3.4> with 65.200.108.33 <http://65.200.108.33>and
example.com <http://example.com> for one of the zones which your server is a
slave for (and 65.200.... is the master) in the dig statement.

On 10/26/05, Josh Hyles <josh.maillists at gmail.com> wrote:
>
> sorry for the delay in reply, i havent checked this email in forever,
> but here is the info you are asking about...
>
> zone theborgata.org/IN <http://theborgata.org/IN>: refresh: retry limit
> for master
> 65.200.108.33#53 exceeded
> zone theborgata.org/IN <http://theborgata.org/IN>: refresh: failure trying
> master
> 65.200.108.33#53: timed out
>
> Those are two exaples of messages I get. I dont know why it would
> error out as the machine is always up. But it would be nice if all
> this was logged to a file... here is the top of the config file as
> well...
>
> #
> # Example config created by SilentRage @ www.dollardns.net<http://www.dollardns.net>
> #
> # Requires:
> # http://www.dollardns.net/bind/named.ca
> # http://www.dollardns.net/bind/basiczone.com.zone
> # http://www.dollardns.net/bind/127.0.0.rev
> #
> options {
> # Set the working directory from which all relative paths are based
> # For the win2k default install: "C:\WINNT\system32\dns\etc"
> #
> directory "C:\WINDOWS\system32\dns\etc\zones";
>
> # RECURSION - Required for caching servers
> # Default: yes
> # Values : yes, no
> #
> # yes: Attempt to resolve requests we are not authoritative for
> # no : Do not resolve requests we are not authoritative for
> #
> recursion yes;
>
> # ALLOW-RECURSION - Who may use our caching server?
> # Default: any;
> # Values : any, none, (addresslist)
> #
> # any : anybody may use the caching server
> # none : noone may use the caching server
> # address: List of IP addresses that may use the caching server.
> #
> #allow-recursion { 127/8; 192.168/16; 10/8; 172.24/12;
> 64.30.170.142/32 <http://64.30.170.142/32>; };
> allow-recursion { any; };
>
> # FORWARD - Recommended for caching servers
> # Default: first
> # Values : first, only
> #
> # first: Query "forwarders" first, then resolve request ourself
> # only : Only query the "forwarders" to resolve requests
> #
> #forward first;
>
> # FORWARDERS - Required if "forward" is used
> # Default: (no forwarding)
> # Values : (addresslist)
> #
> # It is recommended that you use your ISP's caching server addresses
> # Example: forwarders { 127.0.0.1 <http://127.0.0.1>; 127.0.0.2<http://127.0.0.2>;
> }
> #
> #forwarders { };
>
> # QUERY SOURCE - Useful for caching servers behind a firewall
> # Default: address * port *
> # Values : The IP address and port to use as the source of queries to
> other servers
> #
> #query-source address * port 53;
>
> # NOTIFY - Relevant to authoritative servers
> # Default: yes
> # Values : yes, explicit, no
> #
> # yes : Send DNS NOTIFY messages to slave servers in zone NS
> records when zone changes
> # explicit: Only send DNS NOTIFY messages to "also-notify" hosts
> # no : Never automatically send DNS NOTIFY messages
> #
> notify no;
> };
>
> # Setup query logging
> logging {
> channel query_logging {
> # Enable query logging by uncommenting the below
> # Make sure to change the path to a valid directory
> #
> # version: number of backups created if size exceeded
> # size : maximum size of log file
> #
> file "C:\WINDOWS\system32\dns\etc\logs\query.log"
> versions 3 size 100M;
>
> # Time stamp entries
> #
> print-time yes;
> };
> category queries {
> query_logging;
> };
> category lame-servers { null; };
> };
>
>
>
> I dont see anything about logging to the event viewer, i do see the
> file it should be logging to though. any help is much appriciated.
> Thanks in advance.
>
> On 10/1/05, Danny Mayer <mayer at ntp.isc.org> wrote:
> > Josh Hyles wrote:
> > > Content-Type: text/plain; charset=ISO-8859-1
> > > Content-Transfer-Encoding: quoted-printable
> > > Content-Disposition: inline
> > > Every time I start/restart bind on my windows box it loads up Event
> viewer
> > > up with a million entries and I lose track of the entries for other
> > > programs. Does anyone know a way to make bind only log to a file?
> Currently
> > > it seems to only be logging queries to a file.
> > >
> > The real question here is why do you have a "million" entries? If you
> > have errors in your configuration or zone file you will get that. If you
> > told it to log certain activities and didn't direct them to a file you
> > will get that. If you don't want those activities logged change your
> > configuration file to turn them off.
> >
> > A) What's in the event log?
> >
> > B) What's in the configuration file?
> >
> > Danny
> >
> > > thanks in advance.
> > > Josh
> > >
> > >
> > >
> > >
> >
> >
>
>
>