Bind 9.x cannot log answers to queries

Post 302517694 by Vadim B on Wednesday 27th of April 2011 01:04:01 PM (Red Hat forum)

I know this is a duplicate question but the original has never been answered properly. I've got Bind 9.x set up on my box and the logging turned on. I can see queries being logged but I still can't get it to log the answers to those queries. Here is my named.conf file:
# File: /etc/named.conf

logging {
    channel query.log {
        file "/tmp/dnslog";
        // Set the severity to dynamic to see all the
        // debug messages.
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    // Every category is routed to the same file channel.
    category default { query.log; };
    category network { query.log; };
    category queries { query.log; };
    category general { query.log; };
    category database { query.log; };
    category security { query.log; };
    category config { query.log; };
    category resolver { query.log; };
    category xfer-in { query.log; };
    category xfer-out { query.log; };
    category notify { query.log; };
    category client { query.log; };
    category unmatched { query.log; };
    category update { query.log; };
    category dispatch { query.log; };
    category dnssec { query.log; };
    category lame-servers { query.log; };
};

options {
    listen-on port 53 { 127.0.0.1; };
};

BIND9_QUERY2DLF.IN(1)                  LogReport's Lire Documentation                  BIND9_QUERY2DLF.IN(1)

NAME
       bind9_query2dlf - convert BIND9 querylogs to dlf

SYNOPSIS
       bind9_query2dlf

DESCRIPTION
       bind9_query2dlf expects BIND 9 query log files on stdin. If you have a

           channel query_logging {
               file "/var/log/named_querylog" versions 3 size 100M;
               print-time yes;          // timestamp log entries
           };

       in your named.conf, the produced logfiles are supported. Optionally, you could add

               print-category yes;      // print category name
               print-severity yes;      // print severity level

       to this channel. Query logs as produced by a patched BIND (see NOTES below) are
       supported too. We also support Bind 9.3 log files, which use a new date format
       (15-Jul-2002) instead of the old syslog one.

EXAMPLE
       With print-time, print-category and print-severity set:

           Feb 25 11:09:43.651 queries: info: client 10.0.0.3#1035: query: 3.example.com.nl IN A
           Feb 25 11:09:48.739 queries: info: client 10.0.0.3#1035: query: 3.example.com.nl IN A
           Feb 25 12:50:32.476 queries: info: client 10.0.0.3#1035: query: 21.example.com.co.uk IN A
           Feb 25 12:50:34.110 queries: info: client 10.0.0.3#1035: query: 22.example.com IN A
           Feb 25 12:50:34.525 lame-servers: info: lame server on '22.example.com' (in '23.example.com'?): 10.0.0.4#53
           Feb 25 12:50:34.715 queries: info: client 10.0.0.3#1035: query: 24.example.com IN A
           Feb 26 07:30:08.211 queries: info: client 10.0.0.1#1050: query: 1.0.0.10.in-addr.arpa IN PTR
           Feb 26 12:26:55.455 queries: info: client 10.0.0.1#1051: query: 28.example.com.nl IN MX
           Feb 04 04:02:00.932 general: info: loading configuration from '/etc/336.example.com'
           Feb 18 04:02:01.023 security: warning: zone '337.example.com.nl' allows updates by IP address, which is insecure
           Feb 18 04:02:01.049 config: warning: option 'use-id-pool' is obsolete
           Feb 18 04:02:01.049 config: warning: option 'check-names' is not implemented
           Feb 18 04:02:01.049 config: warning: option 'statistics-interval' is not yet implemented
           Feb 18 04:02:01.049 network: info: no IPv6 interfaces found
           Feb 04 16:47:18.289 security: info: client 10.0.0.201#137: query denied
           Feb 20 07:26:53.731 general: info: running
           Feb 13 08:01:56.138 general: info: shutting down
           Feb 13 08:01:56.140 network: info: no longer listening on 10.0.0.3#53
           Feb 14 08:02:13.983 general: info: refresh_callback: zone 384.example.com/IN: failure for 10.0.0.204#53: timed out

       With only print-time set:

           Aug 27 04:07:13.361 client 127.0.0.1#3123: query: foo.com IN ANY
           Aug 27 04:07:13.438 client 127.0.0.1#3123: query: fu.bar.nl IN AAAA
           Aug 27 04:07:13.443 client 127.0.0.1#3123: query: fu.bar.nl IN A

EXAMPLES
       To process a log as produced by bind9:

           $ bind9_query2dlf < dns-query

       bind9_query2dlf will be rarely used on its own, but is more likely called by
       lr_log2report:

           $ lr_log2report bind9_query < /var/log/dns-query

NOTES
       Bind9 versions before 9.3 did not log whether the query was recursive, therefore
       the last dlf field (DLF_RESOLVER) is a '-'. However, applying this patch by Wytze
       van der Raay:

           # patch bin/named/query.c to log recursive/non-recursive query indication
           SRC=bin/named/query.c
           if [ -f ${SRC}.org ]
           then
               echo "Patched ${SRC} already in place"
           else
               echo "Patch ${SRC} for recursive/non-recursive query indication"
               cp -p ${SRC} ${SRC}.org
               patch -p0 ${SRC} <<!
           --- bin/named/query.c.org Mon Sep 24 22:57:48 2001
           +++ bin/named/query.c Tue Sep 25 09:55:21 2001
           @@ -3272,7 +3272,8 @@ dns_rdatatype_format(rdataset->type, typename, sizeof(typename)); ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, - level, "query: %s %s %s", namebuf, classname, typename); + level, "query: %s %s %s%s", namebuf, classname, typename, + WANTRECURSION(client) ? "+" : "-"); } void
           !
           fi

       will yield loglines like

           Nov 11 12:06:42.829 queries: info: client 10.0.0.1#3664: query: 6.example.com.nl IN A+

       A '+' indicates a recursive query, a '-' indicates a non-recursive query, and the
       absence of either indicates an unpatched pre-9.3 bind9. See Wytze's message of
       Fri, 28 Dec 2001 16:56:30 +0100 on bind9-workers@isc.org, archived at
       http://www.mail-archive.com/bind9-workers@isc.org/msg00501.html . This type of
       logfile is recognised by the script.

       BIND 9.3 or later does offer full support for this logging feature. In addition,
       it logs view, signer and EDNS information, all of which will be ignored by this
       version of the script.

       In a private discussion on Thu, 18 Jul 2002 07:55:22 +0200, Wytze wrote:

           This contains the "ISC-compatible" version of the patch for getting a
           recursive/non-recursive request logged. ISC decided there should be a space
           between the type and the recursion indicator in the logfile, so be it. If you
           want to have your BIND 9.2.1 to log in the ISC-compatible 9.3 style, apply this
           patch to your BIND sources:

               --- bin/named/query.c.org Thu Mar 28 06:10:09 2002
               +++ bin/named/query.c Wed Jul 17 08:14:41 2002
               @@ -3279,7 +3279,8 @@ dns_rdatatype_format(rdataset->type, typename, sizeof(typename)); ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, - level, "query: %s %s %s", namebuf, classname, typename); + level, "query: %s %s %s %s", namebuf, classname, typename, + WANTRECURSION(client) ? "+" : "-"); } void

       This script understands both Wytze-style and ISC-style recursiveness indication.

THANKS
       Wytze van der Raay, for supplying the BIND 9 query log patch.

SEE ALSO
       bind8_query2dlf(1), The bind9 online documentation, as distributed with BIND (but
       unfortunately not online at http://isc.org/ , you might like
       http://doc.mdcc.cx/doc/bind/html/logging.html though)

VERSION
       $Id: bind9_query2dlf.in,v 1.7 2006/07/23 13:16:33 vanbaal Exp $

COPYRIGHT
       Copyright (C) 2001 Joost Bekkers <joost@jodocus.org>,
       Copyright (C) 2000, 2001, 2002 Stichting LogReport Foundation LogReport@LogReport.org

       This program is free software; you can redistribute it and/or modify it under the
       terms of the GNU General Public License as published by the Free Software
       Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY
       WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
       PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this
       program (see COPYING); if not, check with http://www.gnu.org/copyleft/gpl.html.

AUTHOR
       Joost Bekkers <joost@jodocus.org>, based on Edwin Groothuis and Joost van Baal's
       work, now maintained by the LogReport team.

Lire 2.1.1                                  2006-07-23                          BIND9_QUERY2DLF.IN(1)
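Review bot: in both query.c hunks the new argument `WANTRECURSION(client) ? "+" : "-"` records, as the macro name says, whether the client asked for recursion (the RD bit of the request), not whether named actually performed or was allowed to perform recursion for that client, so the NOTES wording "recursive query" / "non-recursive query" promises more than the flag carries; it would be more accurate to describe the flag as the recursion-desired bit. The first hunk's format string `"query: %s %s %s%s"` also glues the flag onto the type name (giving `IN A+`), which the second hunk changes to `"query: %s %s %s %s"` (giving `IN A +`), so anything consuming these lines must accept both spellings, as the man page text already notes.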
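The log formats documented above (print-time with or without print-category and print-severity, the Wytze-style `A+` and ISC-style `A +` recursion flags, and the BIND 9.3 `15-Jul-2002` date style) are exactly what a channel like the one in the forum post at the top of this page produces. The following parser is an added example written for this page; it is not Lire's bind9_query2dlf code and not part of BIND. The regular expression, the `QueryRecord` layout and the sample log text are this example's own constructions. It assumes that any trailing flag letters and view information that BIND 9.3+ appends after the recursion flag can be ignored, which is what the man page says the script does, and it deliberately skips non-query lines such as lame-server notices and `query denied` entries rather than miscounting them as queries.

```python
"""Parse BIND 9 query log lines in the formats described by bind9_query2dlf(1).

Added example for this page, not Lire's or BIND's own code. The regex and the
record layout are this example's assumptions about the formats the man page shows.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

QUERY_RE = re.compile(
    # date: old syslog style "Feb 25" or BIND 9.3 style "15-Jul-2002"
    r"^(?P<date>[A-Z][a-z]{2} \d{2}|\d{2}-[A-Z][a-z]{2}-\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) "
    # category and severity are present only with print-category/print-severity
    r"(?:(?P<category>[a-z-]+): )?"
    r"(?:(?P<severity>[a-z]+): )?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): query: "
    r"(?P<name>\S+) (?P<qclass>\S+) (?P<qtype>[A-Za-z0-9]+)"
    # recursion flag glued to the type (Wytze style "A+") or separated (ISC style
    # "A +"); BIND 9.3+ may append more flag letters and view info, ignored here
    r"(?: ?(?P<rd>[+-])[A-Z]*)?(?: .*)?$"
)


@dataclass
class QueryRecord:
    date: str
    time: str
    category: Optional[str]
    severity: Optional[str]
    client_ip: str
    client_port: int
    name: str
    qclass: str
    qtype: str
    recursive: Optional[bool]  # None when no flag was logged (unpatched pre-9.3 BIND)


def parse_line(line: str) -> Optional[QueryRecord]:
    """Return a QueryRecord for a query line, or None for any other log line."""
    m = QUERY_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rd = m.group("rd")
    return QueryRecord(
        date=m.group("date"),
        time=m.group("time"),
        category=m.group("category"),
        severity=m.group("severity"),
        client_ip=m.group("ip"),
        client_port=int(m.group("port")),
        name=m.group("name"),
        qclass=m.group("qclass"),
        qtype=m.group("qtype"),
        recursive=None if rd is None else rd == "+",
    )


def parse_log(text: str) -> list[QueryRecord]:
    """Parse a whole log, skipping non-query lines (lame-servers, denials, startup...)."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            records.append(rec)
    return records


def recursion_summary(records: list[QueryRecord]) -> dict[str, int]:
    """Count recursive / non-recursive / unknown (no flag logged) queries."""
    counts: Counter = Counter()
    for rec in records:
        if rec.recursive is None:
            counts["unknown"] += 1
        elif rec.recursive:
            counts["recursive"] += 1
        else:
            counts["non-recursive"] += 1
    return {k: counts[k] for k in ("recursive", "non-recursive", "unknown")}


def queries_per_client(records: list[QueryRecord]) -> dict[str, int]:
    """Queries per source address, a first cut at spotting a noisy or abusive client."""
    return dict(Counter(rec.client_ip for rec in records))


# Constructed sample mixing every format the man page describes, plus two
# non-query lines that a correct parser must skip.
SAMPLE_LOG = """\
Feb 25 11:09:43.651 queries: info: client 10.0.0.3#1035: query: 3.example.com.nl IN A
Feb 25 12:50:34.525 lame-servers: info: lame server on '22.example.com' (in '23.example.com'?): 10.0.0.4#53
Feb 26 07:30:08.211 queries: info: client 10.0.0.1#1050: query: 1.0.0.10.in-addr.arpa IN PTR
Feb 04 16:47:18.289 security: info: client 10.0.0.201#137: query denied
Aug 27 04:07:13.361 client 127.0.0.1#3123: query: foo.com IN ANY
Nov 11 12:06:42.829 queries: info: client 10.0.0.1#3664: query: 6.example.com.nl IN A+
Nov 11 12:06:43.101 queries: info: client 10.0.0.1#3665: query: 7.example.com.nl IN MX -
15-Jul-2002 09:12:01.004 queries: info: client 10.0.0.9#1234: query: 8.example.com IN AAAA +E
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} queries parsed")
    print("recursion:", recursion_summary(recs))
    print("per client:", queries_per_client(recs))
```

Run it as a script to see the counts for the embedded sample, or feed a real file with `parse_log(open(path).read())`. Note that, as with the patch itself, `recursive` only tells you that the client set the recursion-desired bit; it says nothing about whether the server honoured it, so a high count of `+` queries from an unexpected address is a prompt to check `allow-recursion`, not proof that recursion happened.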