Unix How-To: DNS Logging

While it's generally preferable to let DNS servers do their jobs quietly, you might sometimes want to turn on logging for troubleshooting or to view the kinds of requests that are routinely coming through the service. To turn logging on, you just need to add some syntax to your configuration file that at first glimpse might seem fairly tricky.

Logging for DNS servers requires that you add a logging clause to your named.conf file. This can be mildly traumatic. There's so much syntax to choose from! But it may not be quite as difficult as you might expect.

Here's the basic syntax for the logging clause. Note that just about all of it is optional.

logging {
   [ channel channel_name {
     ( file path_name
         [ versions ( number | unlimited ) ]
         [ size size_spec ]
       | syslog syslog_facility
       | stderr
       | null );
     [ severity (critical | error | warning | notice |
                 info | debug [ level ] | dynamic ); ]
     [ print-category yes | no; ]
     [ print-severity yes | no; ]
     [ print-time yes | no; ]
   }; ]
   [ category category_name {
     channel_name ; [ channel_name ; ... ]
   }; ]
   ...
};

Here's what some of the keywords mean:

  • channel -- the control channel you want to log
  • file -- where you want to store log data (if not via syslog), absolute path in quotes
  • versions -- number of file versions that should be kept
  • size -- size limit on log file
  • syslog -- if using syslog logging facility
  • stderr -- write to standard out
  • null -- write to /dev/null
  • severity -- defines logging levels
  • print-category -- whether category is written to log (default is no)
  • print-severity -- whether severity is written to log (default is no)
  • print-time -- whether time stamps are added to log (default is no)
  • category -- controls what categories are written to the log and can be any of these:
    • client = client requests
    • config = configuration file parsing
    • database = internal DNS databases
    • delegation-only = queries returning NXDOMAIN following delegation-only zone or statement in a hint or stub zone declaration
    • dispatch = dispatch of incoming packets to server modules
    • dnssec = DNSSEC and TSIG protocol processing
    • general = the default (not matching other choices)
    • lame-servers = lame servers
    • network = network operations
    • notify = all NOTIFY operations
    • queries = all queries
    • resolver = name resolutions including recursive lookups
    • security = approvals and denials
    • unmatched = no matching clauses or unrecognized class value
    • update = all dynamic updates (DDNS)
    • update-security = approvals and denials of update requests
    • xfer-in = received zone transfers
    • xfer-out = sent zone transfers

Given the many choices, you can be fairly exacting about what you want to see.
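
As an added example (not from the original article), here is a logging clause that uses the syntax above to route several categories to their own channels. The channel names and the /var/log/named paths are assumptions; "null" is one of BIND's predefined channels.

```conf
// Example logging clause for named.conf.
// Channel names and file paths are illustrative assumptions.
logging {
    // Per-query log: rotated, size-capped, with timestamps.
    channel query_log {
        file "/var/log/named/queries.log" versions 5 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Approvals and denials, including dynamic update decisions.
    channel security_log {
        file "/var/log/named/security.log" versions 5 size 10m;
        severity notice;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    // Zone transfers go to syslog so they reach central log collection.
    channel xfer_syslog {
        syslog daemon;
        severity info;
    };

    category queries         { query_log; };
    category security        { security_log; };
    category update-security { security_log; };
    category xfer-in         { xfer_syslog; };
    category xfer-out        { xfer_syslog; };

    // Discard lame-server noise using the predefined null channel.
    category lame-servers    { null; };
};
```

Run named-checkconf against the file before reloading the server, and make sure the log directory exists and is writable by the user named runs as.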
