logging query results

[ivan jr sy]

looks like an OK config for me.
- you should be able to view the name being queried and from what source IP
- debug10 = view the actual query (similar to dig)
so you can grep the NXDOMAIN or the ANSWER

are you able to view the log file? did it log the start-up processes of BIND? you should be able to see tons and tons of log messages even just on startup of named.

note that logging queries will significantly impact the query response rate of the server. its a no no for production. on the other hand, your tcpdump script sounds elegant...


--- On Sat, 11/29/08, wes <bind at the-wes.com> wrote:

> From: wes <bind at the-wes.com>
> Subject: logging query results
> To: bind-users at lists.isc.org
> Date: Saturday, November 29, 2008, 7:08 AM
> I would like to know if it's possible to log the output
> of each dns query.
> I'd like to do this to catch failed queries so I can
> see what people are
> looking for, and not finding, and add it for them if it
> should be there. I
> recently lost my old dns server so I have to start from
> scratch.
> 
> This is my current logging configuration:
> 
> logging {
>     channel log {
>        file "/var/log/named/named.log"
>             versions 10
>             size 100m;
>        severity debug 9999;
>        print-time yes;
>        print-severity yes;
>        print-category yes;
>     };
>     category default { log; };
>     category queries { log; };
> };
> 
> as far as I can tell, this is set up to log everything
> ever. but, I still
> don't get the actual query result in the log. Is there
> a way to do this?
> 
> If not, that's ok, I'll set up a tcpdump script to
> do it. but I thought I
> would make sure there isn't a built-in method in bind
> first.
> 
> thanks for any advice.
> 
> -wes
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users