Best Practices: Query Logging, On or Off?

CT groups at obsd.us
Thu Nov 18 18:36:46 UTC 2010


I am looking for best practices for DNS query logging.

Versions in use on Linux...
- BIND 9.7.1-P2
- BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2


The minimum logging statement in my test named.conf (BIND 9.7.1-P2):

logging
{
        category lame-servers   { null; };
        category resolver       { null; };
};

which, as I have tested, still allows named (via the default category)
to log to /var/log/messages.

--
default     The default category defines the logging options for
            those categories where no specific configuration has
            been defined.
--

I have also been made aware that query logging can give a machine up to
a 30% performance hit, but with today's machines it is mostly
negligible.

My question is:
Do folks normally use query logging as a forensic tool, or are most BIND
installations done without logging any queries?

The powers that be seem to think the performance hit outweighs any 
forensic benefit...

Thx
Charles
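For reference, the following is an added example of what a named.conf looks like when query logging is kept on but isolated from syslog, so that the /var/log/messages noise and the disk-growth side of the performance concern are both contained. It is not the poster's configuration: the file path, the rotation settings (10 versions, 50m each) and the choice of suppressed categories are assumptions chosen for illustration. The `queries` category, `querylog` option and `rndc querylog` toggle are standard BIND 9 features.

```conf
options {
        // Query logging is off unless this is "yes" or it is toggled at
        // runtime with "rndc querylog"; leaving it "no" in the file and
        // switching it on with rndc during an investigation limits the
        // steady-state cost while keeping the channel ready.
        querylog yes;
};

logging {
        // Assumed path: a dedicated, size-capped, versioned file so that
        // query volume cannot fill the root filesystem or flood syslog.
        channel query_log {
                file "/var/log/named/queries.log" versions 10 size 50m;
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };

        // Route queries to their own file only; nothing else sees them.
        category queries        { query_log; };

        // Everything not listed here keeps BIND's built-in behaviour
        // (default_syslog to the daemon facility, default_debug), which
        // is why unrouted categories still reach /var/log/messages.
        category default        { default_syslog; default_debug; };

        // Noise categories dropped, as in the original minimal config.
        category lame-servers   { null; };
        category resolver       { null; };
};
```

Validate the file with `named-checkconf` before reloading. With this layout, each query line carries its timestamp, client address and port, the name, class and type asked for, and the resolver flags, which is the detail a forensic review of a resolver incident usually needs; the versioned file keeps the retention window bounded so the decision becomes one of disk budget rather than an all-or-nothing choice.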
