help: need to know what queries are being requested.
Joe Kattner
joe.kattner at adelphia.com
Thu Oct 4 20:22:27 UTC 2001
Here is a pretty verbose logging section. The named.log will hold the
queries (and everything including the kitchen sink), and grow rapidly, hence
the version/size restrictions. This will provide a lot of detail to help
troubleshooting.
--Joe
logging {
channel namedlog {
file "/var/adm/named.log" versions 4 size 5M;
severity debug;
print-category yes;
print-severity yes;
};
channel default_syslog {
syslog daemon;
severity info;
};
category client { namedlog; };
category config { default_syslog; namedlog; };
category default { default_syslog; namedlog; };
category dnssec { namedlog; };
category general { namedlog; };
category lame-servers { namedlog; };
category network { namedlog; };
category notify { namedlog; };
category queries { namedlog; };
category resolver { namedlog; };
category security { namedlog; };
category update { namedlog; };
category xfer-in { namedlog; };
category xfer-out { namedlog; };
};
-----Original Message-----
From: Mark Parker [mailto:mparker at interosa.com]
Sent: Thursday, October 04, 2001 1:34 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: help: need to know what queries are being requested.
Hi all,
I'm running bind 9.1.3 on a sparc 2.8 box. I've got debug turned on (-d
3). I'm seeing lots of this in the named.run file:
Oct 04 11:06:19.455 client 209.119.36.1#53: UDP request
Oct 04 11:06:19.456 client 209.119.36.1#53: request is not signed
Oct 04 11:06:19.456 client 209.119.36.1#53: recursion approved
Oct 04 11:06:19.456 client 209.119.36.1#53: query
Oct 04 11:06:19.457 client 209.119.36.1#53: query approved
Oct 04 11:06:19.457 client 209.119.36.1#53: send
Oct 04 11:06:19.457 client 209.119.36.1#53: sendto
Oct 04 11:06:19.458 client 209.119.36.1#53: senddone
Oct 04 11:06:19.458 client 209.119.36.1#53: next
Oct 04 11:06:19.458 client 209.119.36.1#53: endrequest
As you can see, it doesn't tell me what the queries are actually for.
How can I get bind to do this? Increasing the debug level (to 300 even)
doesn't seem to help. I get more debug output for sure but not the actual
host or ip that the query is about.
Here's the relevant part of my named.conf file:
options {
directory "/usr/local/named/db/";
pid-file "/var/run/named.pid";
allow-transfer {"allow_xfer";};
// allow-query {"allow_query";};
};
logging { category default {default_syslog; default_debug;}; };
Any help is GREATLY appreciated.
-mark
More information about the bind-users
mailing list