redworks


DNS (BIND named) logging for specific record

Is it possible to check for a specific record?
What I want is to see which IPs are trying to resolve a certain CNAME record, so I can tell these customers to update their records.
muff

No.  But you could just log everything, then search the logs for what you need.
redworks

ASKER

How do I do this then? I can't seem to find that option.
How do I log "everything"?
I want to see who tries to connect to a certain A record...
Try adding this to your config:

logging{
  channel simple_log {
    file "/var/log/named/bind.log" versions 3 size 5m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category client {
    simple_log;
  };
};
I did this, it does not seem to add anything to the file. I chowned it named:named and chmod 660.

Can you try changing "client" to "default"?  This should emit some logs.

Thanks.
still... nothing...
Did you change ownership of the /var/log/named directory as well as the file within it?  In fact, it would be better to change ownership of the directory, and delete the file, then let bind create the file itself.

That way we could at least see if bind is at least attempting to access the file if it gets created.

And named is definitely the user that bind is running as?

If there are issues, you'll see them in /var/log/messages or /var/log/syslog
My bad. I was running a chroot. I created it in there, now it gives:
"May 28 16:51:49 www named[26016]: logging channel 'simple_log' file '/var/log/named/bind.log': permission denied
May 28 16:51:49 www named[26016]: isc_log_open '/var/log/named/bind.log' failed: permission denied"

While the permissions are named (correct) and even chmodded 666!
Where are you seeing the errors if the bind.log cannot be written to?

If it is in the non-chroot /var/log/[something] then it is attempting to write to the non-chroot location I guess?  So before it gets chrooted...
I have both files. Nonchroot and chroot. same permissions.
both fail.

This would be difficult to diagnose without taking a look at your setup.  I'd suggest running it outside of a chroot to see if it can write to the log file.

You confirmed that

  <chroot>/var/log/named is owned by named as well as <chroot>/var/log/named/bind.log right?

Did you try deleting the file and letting bind create it as suggested?
Deleted. Tried to recreate it as you suggested, nothing. Same error.
You confirmed that

  <chroot>/var/log/named is owned by named as well as <chroot>/var/log/named/bind.log right?
(I am putting each suggestion or question in a separate post as they seem to be missed otherwise)

I'd suggest running it outside of a chroot to see if it can write to the log file.
Correct. Yes, I did. fails
You are running this outside a chroot, with the log pointing to a file in a directory that has the same ownership as the process owner and it gets a permission failure?

If you have confirmed all of this, then your filesystem is corrupt.  I would double check if I were you.

I gather from the minimal responses that you are somehow unhappy with the progress you are getting with this question so I shall leave it to someone else to help further.
Ah it seems to work. CHMOD *must* be 750?...
anyway... both "default" and "client" do not show it when someone resolves an A-record...
and this is kinda what I want... I want to see when someone calls a specific A-Record...
SOLUTION
muff

Oh, and if you would like queries logged to a separate file you need a different channel set up pointing at a different file, then the category is "queries" not "client" (my mistake).
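
The "log everything, then search the logs" approach from this thread, as an added example that is not part of the original posts: a Python script that counts queries per client IP for one record name. It assumes query logging is enabled and written to a file by a channel in the `queries` category, and that lines have BIND 9's `client <ip>#<port>: query: <name> <class> <type>` shape; the sample lines and the name `old.example.com` are constructed.

```python
import re
from collections import Counter

# Matches BIND 9 "queries" category lines, with or without the "@0x..."
# client object address and "(qname)" prefix that newer releases print.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def clients_for_record(lines, name, qtypes=None):
    """Count queries per client IP for one record name.

    name is compared case-insensitively and ignoring a trailing dot, since
    DNS names are case-insensitive. qtypes optionally restricts the match
    to a set of record types such as {"A", "CNAME"}.
    """
    wanted = name.rstrip(".").lower()
    wanted_types = {t.upper() for t in qtypes} if qtypes else None
    hits = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (startup messages, errors, ...)
        if m.group("qname").rstrip(".").lower() != wanted:
            continue
        if wanted_types and m.group("qtype").upper() not in wanted_types:
            continue
        hits[m.group("ip")] += 1
    return hits

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE_LOG = """\
28-May-2012 16:51:49.101 queries: info: client 192.0.2.10#53211: query: old.example.com IN A + (203.0.113.1)
28-May-2012 16:51:50.417 queries: info: client 192.0.2.10#40112: query: OLD.example.com IN A + (203.0.113.1)
28-May-2012 16:51:52.002 queries: info: client 198.51.100.7#6113: query: www.example.com IN A + (203.0.113.1)
28-May-2012 16:51:53.230 queries: info: client @0x7f3a1c0a1b20 2001:db8::25#41000 (old.example.com): query: old.example.com IN AAAA +E(0)K (203.0.113.1)
28-May-2012 16:51:54.900 general: info: zone example.com/IN: loaded serial 2012052801
""".splitlines()

if __name__ == "__main__":
    for ip, count in clients_for_record(SAMPLE_LOG, "old.example.com").most_common():
        print(f"{count:6d}  {ip}")
```

To run it against a real log, pass an open file object as `lines`; rotated files (`bind.log.0`, `bind.log.1`, ...) have to be read as well to cover the whole observation period.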
ASKER CERTIFIED SOLUTION

Or you could do it that way.

Show some appreciation.
I am grateful for your assistance. But, in all honesty, the solution provided was not the solution for my question.
If you tried it you would have seen it did exactly what you needed.  

Were you aware of the logging parameters and rndc prior to this question being asked?  Seems unlikely you would have asked the question in the first instance if you were.

Appreciation is for allocating points to those who put time and effort in to help you along your path and guide you to the answer as well as actually providing it.

How does revoking points encourage me to help others if I do 90% of the work, and the Asker does the final 10% and then revokes the question?