Bind nameserver query logging

From Birnam Designs Wiki

Jump to: navigation, search

A few steps to get query logging for a bind server:

  1. create a named directory in /var/log and create an empty file /var/log/named/query.log
  2. ensure that you can access this directory. Edit /etc/apparmor.d/usr.sbin.named and make sure it includes:
    • /var/log/named/** rw,
    • /var/log/named/ rw,
  3. make sure you have permissions to /etc/bind/rndc.key -- they should be 640 root:bind
  4. Add a custom log file to the bind configuration. Set it to log info level data to /var/log/named/query.log
  5. add a logging category to save queries category logs to the log you just created
  6. save and reload bind with sudo /etc/init.d/bind9 reload
  7. toggle the query logging on with rndc querylog

Repeat that last command to turn it off.

That should do it!

Retrieved from "http://info.birnamdesigns.com/wiki/Bind_nameserver_query_logging"
Share This!
This page was last modified on 28 May 2009, at 15:52. This page has been accessed 464 times.