No logging of failed queries

Tue, 13 Apr 2021 05:42:02 -0700 

Hi, 

I am using bind's geoip feature, created one ACL to allow country IN. I am not 
getting logs of a failed query if the client IP is other than than country IN. 
Rest all is working fine, getting logs of successful queries. Below find the 
config details: 

BIND 9.16.13 (Stable Release) <id:072e758> 
running on Linux x86_64 3.10.0-1160.24.1.el7.x86_64 #1 SMP Thu Apr 8 19:51:47 
UTC 2021 
built by make with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' 
'--mandir=/usr/share/man' '--with-libtool=/usr/lib64' '--disable-static' 
'--with-maxminddb' 
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44) 
compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017 
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017 
compiled with libuv version: 1.41.0 
linked to libuv version: 1.41.0 
compiled with zlib version: 1.2.7 
linked to zlib version: 1.2.7 
linked to maxminddb version: 1.2.0 
threads support is enabled 

default paths: 
named configuration: /etc/named.conf 
rndc configuration: /etc/rndc.conf 
DNSSEC root key: /etc/bind.keys 
nsupdate session key: /var/run/named/session.key 
named PID file: /var/run/named/named.pid 
named lock file: /var/run/named/named.lock 
geoip-directory: /usr/share/GeoIP 


acl "test" { 
geoip country IN; 
}; 

options { 
geoip-directory "path to geo db"; 

view "local" { 
match-clients { test; }; 
recursion yes; 

channel queries { 
file "/var/log/queries"; 
print-time yes; 
print-category yes; 
print-severity yes; 
}; 
category queries { 
queries; 
}; 
channel security { 
file "/var/log/security"; 
print-time yes; 
print-category yes; 
print-severity yes; 
}; 
category security { 
queries; 
}; 
channel query-errors { 
file "/var/log/query-errors"; 
print-time yes; 
print-category yes; 
print-severity yes; 
}; 
category query-errors { 
query-errors; 
}; 


BR, 
Sachchidanand 




_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to