logging query results

wes bind at the-wes.com
Fri Nov 28 19:29:10 UTC 2008


That seems interesting. I will look into that if I can't get bind's built-in
logging system to do what I want.

thanks,
-wes

On Fri, Nov 28, 2008 at 11:23 AM, ivan jr sy <ivan_jr at yahoo.com> wrote:

>
> and why not use..
> https://www.dns-oarc.net/tools/dnscap
>
> dnscap -m q -e y -c 100 -w /path/file
>
> captures:
> - queries only
> - errors only
> - after 100 packets where conditions are met
> - write it to a file..
>
>
> Enjoy!
>
> --- On Sat, 11/29/08, ivan jr sy <ivan_jr at yahoo.com> wrote:
>
> > From: ivan jr sy <ivan_jr at yahoo.com>
> > Subject: Re: logging query results
> > To: bind-users at lists.isc.org, "wes" <bind at the-wes.com>
> > Date: Saturday, November 29, 2008, 7:56 AM
> > looks like an OK config for me.
> > - you should be able to view the name being queried and
> > from what source IP
> > - debug10 = view the actual query (similar to dig)
> > so you can grep the NXDOMAIN or the ANSWER
> >
> > are you able to view the log file? did it log the start-up
> > processes of BIND? you should be able to see tons and tons
> > of log messages even just on startup of named.
> >
> > note that logging queries will significantly impact the
> > > query response rate of the server. it's a no-no for
> > production. on the other hand, your tcpdump script sounds
> > elegant...
> >
> >
> > --- On Sat, 11/29/08, wes <bind at the-wes.com> wrote:
> >
> > > From: wes <bind at the-wes.com>
> > > Subject: logging query results
> > > To: bind-users at lists.isc.org
> > > Date: Saturday, November 29, 2008, 7:08 AM
> > > > I would like to know if it's possible to log the output of each dns query.
> > > > I'd like to do this to catch failed queries so I can see what people are
> > > > looking for, and not finding, and add it for them if it should be there. I
> > > > recently lost my old dns server so I have to start from scratch.
> > >
> > > This is my current logging configuration:
> > >
> > > logging {
> > >     channel log {
> > >        file "/var/log/named/named.log"
> > >             versions 10
> > >             size 100m;
> > >        severity debug 9999;
> > >        print-time yes;
> > >        print-severity yes;
> > >        print-category yes;
> > >     };
> > >     category default { log; };
> > >     category queries { log; };
> > > };
> > >
> > > > as far as I can tell, this is set up to log everything ever. but, I still
> > > > don't get the actual query result in the log. Is there a way to do this?
> > > >
> > > > If not, that's ok, I'll set up a tcpdump script to do it. but I thought I
> > > > would make sure there isn't a built-in method in bind first.
> > >
> > > thanks for any advice.
> > >
> > > -wes
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
>
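
An added example, not part of the thread or of BIND: the goal discussed above is finding names that clients ask for and do not find, so this Python code decodes raw DNS message payloads and tallies the names answered with NXDOMAIN. The function names and the sample messages are constructed for illustration, and it assumes the DNS payloads have already been extracted from a tcpdump or dnscap capture.

```python
import struct
from collections import Counter
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_qname(msg, off):
    """Read an uncompressed question name at off; return (name, next_offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:                      # root label ends the name
            return ".".join(labels) or ".", off
        if n > 63 or off + n > len(msg):
            raise ValueError("bad label length")  # also rejects compression pointers
        labels.append(msg[off:off + n].decode("ascii", "replace").lower())
        off += n

def parse_response(msg):
    """Return (qname, qtype, rcode) for a response; None for a query or odd QDCOUNT."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qd != 1:   # QR bit clear means this is a query
        return None
    name, off = read_qname(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    return name, qtype, RCODES.get(flags & 0xF, str(flags & 0xF))

def failed_lookups(messages):
    """Count names answered with NXDOMAIN across raw DNS messages."""
    hits = Counter()
    for m in messages:
        try:
            r = parse_response(m)
        except ValueError:
            continue                    # malformed payload: skip, do not crash
        if r and r[2] == "NXDOMAIN":
            hits[r[0]] += 1
    return hits

def build_msg(name, flags):             # builds the constructed sample messages
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!2H", 1, 1)
# Constructed samples: one NOERROR, two NXDOMAIN, one query, one truncated payload
SAMPLES = [build_msg("www.example.com", 0x8180), build_msg("mail.example.com", 0x8183),
           build_msg("mail.example.com", 0x8183), build_msg("ftp.example.com", 0x0100), b"\x00\x01"]
```

`failed_lookups(SAMPLES).most_common()` lists the missing names by how often they were requested, which is the list of candidates to add to the zone.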