>Logging Bind Queries

By | April 24, 2011

>

To log DNS  queries on linux, we use logging feature of Bind server.Suppose you want to log dns queries in file /var/log/querylog.log in this case make following entries in /etc/named.conf.

  logging {
              channel querylog{
                                         file “/var/log/querylog”;
                                         severity debug 3;
                                         print-category yes;
                                         print-time yes;
                                         print-severity yes;
                                        };
                category queries { querylog;};
             };

After putting above lines in /etc/named.conf , It is advisable to create log file manually

   root#touch /var/log/querylog

And and make it writeable by user named

  root#chown named.named /var/log/querylog



Restart bind server to apply changes

   root#/etc/init.d/named restart



Do some queries to dns server using dig or nslookup


View query now in file /var/log/querylog.

 root#tail /var/log/querylog


15 thoughts on “>Logging Bind Queries

  1. Mukesh

    >Not understand this line
    root#chown named.named /var/log/querylog

    what is diffrence between
    root#/etc/init.d/named restart and service named restsrt

    Reply
  2. Mukesh

    >not understand this ine
    root#chown named.named /var/log/querylog

    what is the diffrence between
    root#/etc/init.d/named restart and service named restart

    Reply
  3. vishesh

    >root#chown named.named /var/log/querylog
    Above line make named which is a user , the owner of log file /var/log/querylog

    root#/etc/init.d/named restart and service named restart
    Both are same

    Reply
  4. Mukesh

    >if i don"t want to write this line, can i check log file??, i am login from root, why need to create named.named, if need to create user why use named.named
    root#chown named.named /var/log/querylog

    Reply
  5. vishesh

    >You don't need to create user named. This user created automatically when you install bind server. Just change ownership of log file to named, and this is required.

    Reply
  6. Mukesh

    >plz before line number 10 put ;
    otherwise get error in service name restart
    2nd thing i have change all entry and working fine , my query with my dns
    #dig info.com @192.168.0.4
    result is ok according our dns, but when i check log file there is no any entry, plz advise any query for chek log file

    Reply
  7. Mukesh

    >yes there is no any entry, i am using this command to chek
    [root@localhost log]# cat /var/log/querylog
    [root@localhost log]# tail /var/log/querylog
    [root@localhost log]# vi /var/log/querylog

    Reply
  8. vishesh

    >Corrected line number 10 as error catches by mukesh.
    Thanks mukesh

    Reply
  9. Amit

    >so we were facing log error only because we didn't use
    chown named.named /var/log/querylog
    ?

    Reply
  10. Ben

    With named hav the rights above I’m still not able to see anything in this log. Help!

    Reply
    1. Mukesh Kumar Jha

      check permission for log file.
      I have implemented its working so not worry about this kindly share your configuration file

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Current month ye@r day *