3.2. Logging


BIND9 has a wide variety of logging configuration options available. There are two main options. The channel option configures where logs go, and the category option determines what information to log.


If no logging option is configured, the default option is:


logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
};


This section covers configuring BIND9 to send debug messages related to DNS queries to a separate file.

• First, we need to configure a channel to specify which file to send the messages to. Edit /etc/bind/named.conf.local and add the following:


logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
};

• Next, configure a category to send all DNS queries to the query file:


logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};


Note: the debug option can be set from 1 to 3. If a level isn't specified, level 1 is the default.


• Since the named daemon runs as the bind user, the /var/log/query.log file must be created and its ownership changed:


sudo touch /var/log/query.log

sudo chown bind /var/log/query.log

• Before the named daemon can write to the new log file, the AppArmor profile must be updated. First, edit /etc/apparmor.d/usr.sbin.named and add:


/var/log/query.log w,


Next, reload the profile:


cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r


For more information on AppArmor see Section 4, “AppArmor” [p. 194].


• Now restart BIND9 for the changes to take effect:


sudo systemctl restart bind9.service


You should see the file /var/log/query.log fill with query information. This is a simple example of the BIND9 logging options. For coverage of advanced options see Section 4.2, “More Information” [p. 178].
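Once the file is filling, a short script can turn it into something reviewable. The following is an added example, not part of the original guide: it parses lines in the form named writes for the queries category, counts queries per client and record type, and lists names containing an unusually long label. The sample lines are constructed and the 30-character threshold is an assumed value.

```python
import re
from collections import Counter

# Constructed sample lines in the queries-category format; no timestamp is
# present because the channel above does not enable print-time.
SAMPLE = """\
client @0x7f1c2c0a1b20 192.0.2.10#51234 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.53)
client @0x7f1c2c0a1b20 192.0.2.10#51235 (mail.example.com): query: mail.example.com IN MX + (192.0.2.53)
client 192.0.2.11#40001 (example.com): query: example.com IN TXT +T (192.0.2.53)
client @0x7f1c2c0b2c30 192.0.2.11#40002 (a9f3k2l1q8z7x6c5v4b3n2m1p0o9i8u7.t.example.net): query: a9f3k2l1q8z7x6c5v4b3n2m1p0o9i8u7.t.example.net IN TXT +E(0) (192.0.2.53)
not a query line
"""

# The "@0x..." client object address and the "view NAME:" part are optional,
# so lines from older releases and from servers using views both match.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+) "
    r"\([^)]*\): (?:view \S+: )?"
    r"query: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return the fields of one query log line as a dict, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines, max_label=30):
    """Count queries per client and per type; collect names with long labels."""
    per_client, per_type, long_names = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not a query record
        per_client[rec["ip"]] += 1
        per_type[rec["qtype"]] += 1
        # max_label is an assumed review threshold (DNS allows up to 63).
        if any(len(label) > max_label for label in rec["name"].split(".")):
            long_names.append((rec["ip"], rec["name"]))
    return per_client, per_type, long_names

if __name__ == "__main__":
    clients, qtypes, flagged = summarize(SAMPLE.splitlines())
    print("queries per client:", dict(clients))
    print("queries per type:  ", dict(qtypes))
    for ip, name in flagged:
        print("long label from", ip, "->", name)
```

To run it against the live log, pass `open("/var/log/query.log")` to `summarize` instead of the sample lines.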

