looks like an OK config for me.
- you should be able to view the name being queried and from what source IP
- debug10 = view the actual query (similar to dig)
so you can grep the NXDOMAIN or the ANSWER
are you able to view the log file? did it log the start-up processes of BIND?
you should be able to see tons and tons of log messages even just on startup of
named.
note that logging queries will significantly impact the query response rate of
the server. its a no no for production. on the other hand, your tcpdump script
sounds elegant...
--- On Sat, 11/29/08, wes <[EMAIL PROTECTED]> wrote:
> From: wes <[EMAIL PROTECTED]>
> Subject: logging query results
> To: bind-users@lists.isc.org
> Date: Saturday, November 29, 2008, 7:08 AM
> I would like to know if it's possible to log the output
> of each dns query.
> I'd like to do this to catch failed queries so I can
> see what people are
> looking for, and not finding, and add it for them if it
> should be there. I
> recently lost my old dns server so I have to start from
> scratch.
>
> This is my current logging configuration:
>
> logging {
> channel log {
> file "/var/log/named/named.log"
> versions 10
> size 100m;
> severity debug 9999;
> print-time yes;
> print-severity yes;
> print-category yes;
> };
> category default { log; };
> category queries { log; };
> };
>
> as far as I can tell, this is set up to log everything
> ever. but, I still
> don't get the actual query result in the log. Is there
> a way to do this?
>
> If not, that's ok, I'll set up a tcpdump script to
> do it. but I thought I
> would make sure there isn't a built-in method in bind
> first.
>
> thanks for any advice.
>
> -wes
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
