NXDOMAIN Analysis
Darren Ankney
darren.ankney at gmail.com
Tue Dec 6 13:41:52 UTC 2022
The answers to both questions can probably be answered by logs
(possibly a slightly different config than my example below). Have a
look at the manual for logging:
https://bind9.readthedocs.io/en/v9_18_9/reference.html#logging-block-definition-and-usage
My guess is that you can gain insite to both of your questions by
printing logs at the appropriate severity.
logging {
channel primary_log {
file "/var/log/named/primary.log" versions 3 size 250k;
severity info;
print-time local;
};
category default {
primary_log;
};
};
On Tue, Dec 6, 2022 at 7:48 AM Silva Carlos <scarlos.4566 at gmail.com> wrote:
>
> Hello everybody
>
> I am newbie to BIND DNS.
>
> I would like your help to understand a little more about the problem below, please:
>
> ***Problem: Sometimes my DNS reports too many NXDOMAIN responses.
>
> ***Question 1: Is there any way to identify the site/domain that is being consulted and consequently generating NXDOMAIN?
>
> ***Question 2: Is there any way to identify the DNS client that is querying this non-existent website/domain?
>
> I use DNSTOP, but it doesn't have a lot of information.
>
> Many thanks to whoever helps me.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list