That seems interesting. I will look into that if I can't get bind's built-in logging system to do what I want.
thanks,
-wes

On Fri, Nov 28, 2008 at 11:23 AM, ivan jr sy <[EMAIL PROTECTED]> wrote:

> and why not use..
> https://www.dns-oarc.net/tools/dnscap
>
> dnscap -m q -e y -c 100 -w /path/file
>
> captures:
> - queries only
> - errors only
> - after 100 packets where conditions are met
> - write it to a file..
>
> Enjoy!
>
> --- On Sat, 11/29/08, ivan jr sy <[EMAIL PROTECTED]> wrote:
>
> > From: ivan jr sy <[EMAIL PROTECTED]>
> > Subject: Re: logging query results
> > To: bind-users@lists.isc.org, "wes" <[EMAIL PROTECTED]>
> > Date: Saturday, November 29, 2008, 7:56 AM
> >
> > looks like an OK config for me.
> > - you should be able to view the name being queried and
> >   from what source IP
> > - debug10 = view the actual query (similar to dig)
> >   so you can grep the NXDOMAIN or the ANSWER
> >
> > are you able to view the log file? did it log the start-up
> > processes of BIND? you should be able to see tons and tons
> > of log messages even just on startup of named.
> >
> > note that logging queries will significantly impact the
> > query response rate of the server. it's a no-no for
> > production. on the other hand, your tcpdump script sounds
> > elegant...
> >
> > --- On Sat, 11/29/08, wes <[EMAIL PROTECTED]> wrote:
> >
> > > From: wes <[EMAIL PROTECTED]>
> > > Subject: logging query results
> > > To: bind-users@lists.isc.org
> > > Date: Saturday, November 29, 2008, 7:08 AM
> > >
> > > I would like to know if it's possible to log the output
> > > of each dns query. I'd like to do this to catch failed
> > > queries so I can see what people are looking for, and not
> > > finding, and add it for them if it should be there. I
> > > recently lost my old dns server so I have to start from
> > > scratch.
> > >
> > > This is my current logging configuration:
> > >
> > > logging {
> > >     channel log {
> > >         file "/var/log/named/named.log"
> > >             versions 10
> > >             size 100m;
> > >         severity debug 9999;
> > >         print-time yes;
> > >         print-severity yes;
> > >         print-category yes;
> > >     };
> > >     category default { log; };
> > >     category queries { log; };
> > > };
> > >
> > > as far as I can tell, this is set up to log everything
> > > ever. but, I still don't get the actual query result in
> > > the log. Is there a way to do this?
> > >
> > > If not, that's ok, I'll set up a tcpdump script to do it.
> > > but I thought I would make sure there isn't a built-in
> > > method in bind first.
> > >
> > > thanks for any advice.
> > >
> > > -wes
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
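
Added example, not code from anyone in this thread: the part of a capture-based script that finds "looked for and not found" names, by reading the response code and question name out of raw DNS response payloads. The function names (parse_response, failed_lookups, build_msg) and the sample packets are made up for illustration; getting the UDP payloads and client addresses out of a tcpdump or dnscap capture file is assumed to happen elsewhere.

```python
import struct
from collections import Counter

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_response(payload):
    """Return (qname, qtype, rcode) for a DNS response; None for queries or junk."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if not flags & 0x8000 or qdcount < 1:      # QR bit clear means a query
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None                        # pointer byte or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):                 # need root byte + qtype + qclass
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype, RCODES.get(flags & 0xF, str(flags & 0xF))

def failed_lookups(packets):
    """Count (client, qname, rcode) over responses whose rcode is not NOERROR."""
    counts = Counter()
    for client, payload in packets:            # client = destination of the response
        parsed = parse_response(payload)
        if parsed and parsed[2] != "NOERROR":
            counts[(client, parsed[0].lower(), parsed[2])] += 1
    return counts

def build_msg(name, rcode, response=True):
    """Build a minimal DNS message (type A, class IN) for the constructed samples."""
    flags = (0x8180 if response else 0x0100) | rcode
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

# Constructed sample traffic (documentation addresses and names, not a real capture).
SAMPLE = [
    ("192.0.2.10", build_msg("www.example.com", 0)),
    ("192.0.2.10", build_msg("intranet.example.com", 3)),
    ("192.0.2.11", build_msg("Intranet.Example.com", 3)),
    ("192.0.2.11", build_msg("mail.example.com", 2)),
    ("192.0.2.10", build_msg("intranet.example.com", 0, response=False)),
]

if __name__ == "__main__":
    print(failed_lookups(SAMPLE).most_common())
```
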