Logging question

Mark Andrews marka at isc.org
Fri Sep 9 01:45:24 UTC 2011


	update-security

In message <OF5AB352C4.0BE87F82-ON85257905.0063BDB6-85257905.0065B0C2 at e1b.org>,
 WBrown at e1b.org writes:
> Running an Ubuntu server with the distro provided named 9.4.2.df.  After 
> taking ISC's Intro to DNS and BIND class, I've gotten the courage to 
> tackle some of the logging tweaks I would like.  All the lame server 
> errors are happily being delivered to the null channel.  I also figured 
> out how to log queries for troubleshooting and keep it from filling the 
> hard drive.
> 
> On one of our servers, there are a number of Windows systems that are 
> attempting to update zones which we do not allow.  It is not possible to 
> get all those machines changed to turn off this "feature."  I thought I 
> should be able to change the logging to deliver these messages to a custom 
> channel for testing, and then change it to the null channel when I was 
> satisfied with the results.  Unfortunately, it doesn't work. 
> 
> Here is the copy of my logging statement:
> 
> 
> logging {
> 
>         channel query_log {
>                 file "query.log"
>                 versions 3
>                 size 20m;
>                 print-time yes;
>                 print-category yes;
>                 print-severity yes;
>         };
> 
>         // category queries { query_log; };
> 
> 
>         // Send all lame server errors to the null channel
>         category lame-servers { null; };
> 
>         // send all dynamic update messages to the null channel
>                 // too bad it don't work!
>         category update { query_log; };
> };
> 
> Logged messages are like this:
> 
> Sep  8 14:09:22 ns1 named[19392]: client 172.19.161.22#53489: update 
> '19.172.IN-ADDR.ARPA/IN' denied
> 
> In addition to the update category, I tried client and security 
> categories.  Errors continued to be logged in /var/log/daemon.log instead 
> of query.log (eventually null).
> 
> Any suggestions?
> 
> -- 
> 
> William Brown
> Web Development & Messaging Services
> Technology Services, WNYRIC, Erie 1 BOCES
> 
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
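
Before a category is routed to the null channel, it helps to know which hosts generate the messages. The following added example (not part of either message in this thread) tallies denied dynamic updates per client and zone from log lines in the format quoted above. The sample lines are constructed, the file-channel prefix on the fourth one (time, `update-security` category, severity) is an assumed layout, and the function names are this example's own.

```python
import re
from collections import Counter

# Core of the message as it appears in the log line quoted in the thread:
#   client 172.19.161.22#53489: update '19.172.IN-ADDR.ARPA/IN' denied
# Anything before "client" (syslog header, or the time/category/severity
# prefix written by a file channel) is ignored, so both sources parse.
DENIED = re.compile(
    r"client (?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"update '(?P<zone>[^']+)/(?P<cls>[^'/]+)' denied"
)

def parse_denied(line):
    """Return (client_ip, zone) for a denied-update line, else None."""
    m = DENIED.search(line)
    if not m:
        return None
    # DNS names are case-insensitive; lower-case so counts merge.
    return m.group("ip"), m.group("zone").lower()

def summarize(lines):
    """Count denied updates per (client, zone) pair."""
    counts = Counter()
    for line in lines:
        hit = parse_denied(line)
        if hit:
            counts[hit] += 1
    return counts

# Constructed sample input: three syslog-style lines, one line with an
# assumed file-channel prefix, and one unrelated line that must be skipped.
SAMPLE = [
    "Sep  8 14:09:22 ns1 named[19392]: client 172.19.161.22#53489: update '19.172.IN-ADDR.ARPA/IN' denied",
    "Sep  8 14:09:25 ns1 named[19392]: client 172.19.161.22#53490: update '19.172.in-addr.arpa/IN' denied",
    "Sep  8 14:10:01 ns1 named[19392]: client 172.19.161.40#1044: update 'example.org/IN' denied",
    "08-Sep-2011 14:10:02.118 update-security: error: client 172.19.161.40#1045: update 'example.org/IN' denied",
    "Sep  8 14:10:03 ns1 named[19392]: lame server resolving 'example.net' (in 'example.net'?): 192.0.2.1#53",
]

if __name__ == "__main__":
    for (ip, zone), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {ip:<15}  {zone}")
```
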


