Unix How-To: DNS Logging

By Sandra Henry-Stocker

Comments can be inserted as shown in the example following "//" markers. In this example, we are defining what we want logged (queries) and where we want to log the information. We'll store up to three versions with a maximum size of 100 MB.

logging {
      channel query_logging {
         file "/var/log/named_query.log"
         versions 3 size 100M;
         print-time yes;                 // timestamp log entries
      };

      category queries {
          query_logging;
      };
};

The trick is then to edit your named.conf (/etc/named.conf) file, add your logging clause and restart (or send a HUP to) BIND (named). Then you can peruse the log data and get an idea what your name service is doing.

The log data collected will look something like this:

26-May-2010 11:44:26.564 XX+/10.10.10.123/boson.particles.org/AAAA/IN
26-May-2010 11:44:26.974 XX+/10.10.2.101/255.255.255.255.in-addr.arpa/PTR/IN
26-May-2010 11:44:27.116 XX+/10.10.7.173/fermion.particles.org/AAAA/IN

Follow Sandra on Google+

Sandra Henry-Stocker has been administering Unix systems for more than 25 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She currently works for TeleCommunication Systems -- a company that builds innovative technologies to make critical connections happen -- where no one else necessarily shares any of her opinions. Send comments and suggestions to bugfarm@gmail.com.