Enable logging for a single zone in BIND 8.2.3?

Kevin Darcy kcd at chrysler.com
Tue Nov 20 21:54:41 UTC 2007


Sean Carolan wrote:
> Hello all:
>
> I've searched the mailing list archives, Google, and manuals but was
> unable to find out how to do this.  I would like to enable query
> logging but only for one particular zone.  The server I'm working with
> is running BIND 8.2.3, and I'm not able to easily upgrade it right
> away.
>
> I got logging working for *all* queries, but I really only want to log
> queries for hosts in one particular zone.  Does anyone know how to do
> this?
>   
I consider this a feature request since AFAIK there's no way to do this 
with BIND currently.

If you're going to request the feature, however, may I suggest something 
more general-purpose, such as limiting logging by pattern or regular 
expression? Limiting it by _zone_ could be problematic, since sometimes 
the actual zone containing the QNAME isn't known until well into the 
iterative-resolution process, so you'd have to defer the logging 
decision, keep a certain amount of state information, etc. Ugly. I'd 
imagine it would be easier to just match the QNAME (and/or QTYPE/QCLASS) 
up front with a pattern or regexp, and this would be a more flexible 
arrangement from an administrative standpoint too (e.g. we could then 
easily match the bazillion different variations of domain names with 
"chrysler" embedded in them).

In the meantime, in the absence of such a feature, probably your best 
bet is to keep your logging on a short leash (you can control the amount 
of disk space and/or versions that are kept) and just extract what you 
want from it.

                                                                         
                                 - Kevin
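
The "log everything, then extract what you want" workaround described above, as an added example that is not part of the original message. It assumes query lines of the form `XX+/<client>/<qname>/<qtype>/<qclass>`; that layout, the zone name and the sample lines are assumptions constructed for illustration, so adjust the regex to what your server actually writes. Matching is done on label boundaries rather than by substring, so look-alike names outside the zone are not picked up.

```python
import re
from collections import Counter

# Assumed line layout (not taken from the thread):
#   "<timestamp> XX+/<client>/<qname>/<qtype>/<qclass>"
QUERY_RE = re.compile(
    r"XX\+?/(?P<client>[^/\s]+)/(?P<qname>[^/\s]+)/(?P<qtype>[^/\s]+)/(?P<qclass>[^/\s]+)"
)

def in_zone(qname, zone):
    """True if qname is the zone apex or a name below it (label-boundary match)."""
    q = qname.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    if z == "":                      # root zone contains every name
        return True
    return q == z or q.endswith("." + z)

def filter_queries(lines, zone):
    """Yield (client, qname, qtype) for logged queries whose QNAME is in zone."""
    for line in lines:
        m = QUERY_RE.search(line)    # non-query log lines simply do not match
        if m and in_zone(m["qname"], zone):
            yield m["client"], m["qname"], m["qtype"]

def queries_per_client(lines, zone):
    """Count in-zone queries per client address."""
    return Counter(client for client, _, _ in filter_queries(lines, zone))

# Constructed sample log lines (addresses and names are documentation values).
SAMPLE_LOG = """\
20-Nov-2007 21:50:01.101 XX+/192.0.2.10/www.example.com/A/IN
20-Nov-2007 21:50:02.214 XX+/192.0.2.11/mail.notexample.com/MX/IN
20-Nov-2007 21:50:03.008 XX/192.0.2.10/EXAMPLE.COM./SOA/IN
20-Nov-2007 21:50:04.550 XX+/192.0.2.12/example.com.other.test/A/IN
20-Nov-2007 21:50:05.919 XX+/192.0.2.12/host.sub.example.com/AAAA/IN
20-Nov-2007 21:50:06.000 zone transfer started
""".splitlines()

if __name__ == "__main__":
    for client, qname, qtype in filter_queries(SAMPLE_LOG, "example.com"):
        print(client, qname, qtype)
    print(dict(queries_per_client(SAMPLE_LOG, "example.com")))
```
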


