Logging issue with bind
Hi guys.
I am currently trying to setup query logging with bind on a debian server, but I seem unable to.
I have the exact same setup on another debian box and it works flawlessly. I've been scratching my head all morning..

My configuration:

/etc/bind/named.conf:

    logging {
        channel munin_log {
            file "/var/log/bind9/query.log" versions 30 size 15m;
            severity dynamic;
            print-time yes;
        };
        category queries { munin_log; };
    };

/etc/bind/named.conf.options:

    statistics-file "/var/log/bind9/named.stats";

List for the directory where logs should be:

    root@srv:~# ls -alh /var/log/bind9/
    total 16K
    drwxr-xr-x  2 bind bind 4.0K 2012-02-16 10:25 .
    drwxr-xr-x 14 root root 4.0K 2012-02-16 10:21 ..
    -rw-r--r--  1 bind bind 6.9K 2012-02-16 10:45 named.stats
    -rwxrwxrwx  1 bind bind    0 2012-02-16 10:21 query.log

Why does "named.stats" get written correctly and "query.log" not??

-RV
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Logging issue with bind
On 02/16/2012 09:48 AM, Raven wrote:
> Hi guys.
> I am currently trying to setup query logging with bind on a debian
> server, but I seem unable to.
> I have the exact same setup on another debian box and it works
> flawlessly. I've been scratching my head all morning..
>
> My configuration:
> /etc/bind/named.conf:
>
> logging {
>     channel munin_log {
>         file "/var/log/bind9/query.log" versions 30 size 15m;
>         severity dynamic;

"severity dynamic" starts at 0 i.e. off.

Just remove the "severity" line.
Re: Logging issue with bind
On Thu, 2012-02-16 at 09:54 +, Phil Mayers wrote:
> On 02/16/2012 09:48 AM, Raven wrote:
> > Hi guys.
> > I am currently trying to setup query logging with bind on a debian
> > server, but I seem unable to.
> > I have the exact same setup on another debian box and it works
> > flawlessly. I've been scratching my head all morning..
> >
> > My configuration:
> > /etc/bind/named.conf:
> >
> > logging {
> >     channel munin_log {
> >         file "/var/log/bind9/query.log" versions 30 size 15m;
> >         severity dynamic;
>
> "severity dynamic" starts at 0 i.e. off.
>
> Just remove the "severity" line.

Still not working I'm afraid.
I deleted query.log and restarted bind, but the log's still empty:

    root@srv:~# ls -alh /var/log/bind9/
    total 40K
    drwxr-xr-x  2 bind bind 4.0K 2012-02-16 11:53 .
    drwxr-xr-x 14 root root 4.0K 2012-02-16 10:21 ..
    -rw-r--r--  1 bind bind  31K 2012-02-16 12:11 named.stats
    -rw-r--r--  1 bind bind    0 2012-02-16 11:53 query.log

And I double checked with rndc:

    root@srv:~# rndc status
    version: 9.7.3
    CPUs found: 4
    worker threads: 16
    number of zones: 31
    debug level: 0
    xfers running: 0
    xfers deferred: 0
    soa queries in progress: 0
    query logging is ON
    recursive clients: 0/0/1000
    tcp clients: 0/100
    server is up and running

What else could it be? Some debian-specific bug?

-RV
Re: Logging issue with bind
> From: Raven

> > > I am currently trying to setup query logging with bind on a debian
> > > server, but I seem unable to.

> > > logging {
> > >     channel munin_log {
> > >         file "/var/log/bind9/query.log" versions 30 size 15m;
> > >         severity dynamic;
> >
> > "severity dynamic" starts at 0 i.e. off.

correct.

> > Just remove the "severity" line.

No, let it be, it's nothing wrong with it.

> Still not working I'm afraid.
> What else could it be? Some debian-specific bug?

No, nothing Debian-specific :-)

You told Bind how to log queries in the config.
Now you have to tell Bind that he should start with the querylogging.
Do:

    rndc querylog

Tom.
Re: Logging issue with bind
In message <20120216121954.94...@gmx.net>, "Tom Schmitt" writes:
>
> > From: Raven
>
> > > > I am currently trying to setup query logging with bind on a debian
> > > > server, but I seem unable to.
>
> > > > logging {
> > > >     channel munin_log {
> > > >         file "/var/log/bind9/query.log" versions 30 size 15m;
> > > >         severity dynamic;
> > >
> > > "severity dynamic" starts at 0 i.e. off.
>
> correct.
>
> > > Just remove the "severity" line.
>
> No, let it be, it's nothing wrong with it.
>
> > Still not working I'm afraid.
> > What else could it be? Some debian-specific bug?
>
> No, nothing Debian-specific :-)
>
> You told Bind how to log queries in the config.
>
> Now you have to tell Bind that he should start with the querylogging.
> Do:
>
> rndc querylog

or "querylog yes;"

> Tom.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: ma...@isc.org
block ddns by name
Hi

Does anyone know if there is a way to prevent the creation of certain records - by name?

Basically I want to prevent the creation of "localhost" and "internal" on my internal zone.
(looks like SAP has a problem if there is a localhost A-rec pointing to another ip than 127.0.0.1)
(and MS AD if there is any internal.internal.mycompany.com A-rec)

As a workaround I could create a localhost-entry pointing to 127.0.0.1 and set dhcp to not overwrite any record.
But this would not help with the internal rec, because such one simply must not exist.

Config:
Clients are not allowed to perform any ddns updates, the dhcp performs these.
So I could filter in dhcp or bind

Currently running:
BIND 9.7.3-P3
DHCP 3.1-ESV-R3

Soon upgrading to:
BIND 9.7.4-P1
DHCP 4.1-ESV-R4

Thanks for any help

And DO NOT ASK who calls their machines localhost or internal - I don't even want to know.

---
Ing. Christian Melbinger
Network & Security
WienIT EDV Dienstleistungsgesellschaft mbH & Co KG
A-1030 Wien, Thomas-Klestil-Platz 6
tel: +43 (1) 90405 47188
fax: +43 (1) 90405 88 47188
mailto:christian.melbin...@wienit.at

WienIT EDV Dienstleistungsgesellschaft mbH & Co KG, A-1030 Wien, Thomas-Klestil-Platz 6, FN 255974h, Handelsgericht Wien, DVR: 2109667, UID-Nr. ATU61260824
Personally liable partner: WienIT EDV Dienstleistungsgesellschaft mbH, A-1030 Wien, Thomas-Klestil-Platz 6, FN 255649f, Handelsgericht Wien, UID-Nr. ATU61296118
Re: Can i use my custom root hint file
Thanks JP

On Wed, Feb 15, 2012 at 2:23 PM, Jan-Piet Mens wrote:
> > For My internal DNS setup i want to create a internal root hint file .
> > Should i follow the pattern of standard root hint file ?
>
> Yes, create your own hints zone containing one or more NS RRsets with
> their respective glue. Something along these lines:
>
> .                 360 IN NS ONE.MY-ROOTS.NET.
> ONE.MY-ROOTS.NET. 360 IN A  192.168.1.1
>
>    -JP

--
http://linuxmantra.com
Re: block ddns by name
Melbinger Christian wrote:
>
> Does anyone know if there is a way to prevent the creation of certain
> records - by name?

http://ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies

Based on that, something like the following should do what you want:

    update-policy {
        deny "*" name "internal.example.com";
        # ...
    };

Tony.
--
f.anthony.n.finch http://dotat.at/
Shannon: Westerly or southwesterly 5 or 6, but 4 until later in far south.
Moderate or rough. Occasional rain or drizzle. Moderate or good.
Re: block ddns by name
> From: Tony Finch

> > Does anyone know if there is a way to prevent the creation of certain
> > records - by name?
>
> update-policy {
>     deny "*" name "internal.example.com";
>     # ...
> };

Hi,

I have a quite similar question but can't figure it out from the doc for update-policy:

I have a few DHCP-clients which are sending really stupid hostnames to the DHCP and via DHCP they got into my DNS zones.

Example: A few IP-phones are sending as their hostname eight times xFF. And this not printable name is then in DNS where I (and a few older nameserver) don't want it.

So is there something possible like

    update-policy {
        deny "*" name /^a-zA-Z0-9_\-/;
    };

?

(For those who don't speak regex: deny all names with something in it what is no letter or digit or underscore or dash.)

Tom.
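The update-policy rule types in the ARM linked above match a name literally, by subdomain or by DNS wildcard, not by regular expression, so a character-class filter like the one Tom describes has to run before the update reaches named. The following is an added example, not code from any poster or from BIND or ISC DHCP: a standalone check that combines Tom's character class with the two reserved labels from Christian's post. The function names and the sample names are assumptions constructed for illustration.

```python
import re

# From the thread: labels that must never be created in the internal zone.
BLOCKED_LABELS = {b"localhost", b"internal"}
# Tom's character class: letters, digits, underscore, dash.
ALLOWED_OCTET = re.compile(rb"[A-Za-z0-9_-]")
MAX_LABEL_LEN = 63  # DNS limit for a single label, in octets


def check_ddns_hostname(raw: bytes):
    """Vet one client-supplied hostname; returns (allowed, reason)."""
    if not raw:
        return False, "empty name"
    if len(raw) > MAX_LABEL_LEN:
        return False, f"label longer than {MAX_LABEL_LEN} octets"
    # Work on raw octets so unprintable values such as 0xFF are reported
    # instead of raising a decode error.
    for offset, octet in enumerate(raw):
        if not ALLOWED_OCTET.fullmatch(bytes([octet])):
            return False, f"octet 0x{octet:02x} at offset {offset} not allowed"
    # DNS names compare case-insensitively, so "LocalHost" is also reserved.
    if raw.lower() in BLOCKED_LABELS:
        return False, "reserved label"
    return True, "ok"


def split_updates(candidates):
    """Partition candidate names into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for raw in candidates:
        allowed, reason = check_ddns_hostname(raw)
        if allowed:
            accepted.append(raw.decode("ascii"))
        else:
            rejected.append((raw, reason))
    return accepted, rejected


# Constructed sample input: the eight-times-0xFF phone name from Tom's post,
# the two reserved labels, and a few ordinary and malformed names.
SAMPLE_NAMES = [
    b"\xff" * 8, b"phone-0012", b"LocalHost", b"internal",
    b"pc_17", b"bad name", b"host.sub", b"a" * 64,
]

if __name__ == "__main__":
    ok, bad = split_updates(SAMPLE_NAMES)
    print("accepted:", ok)
    for raw, reason in bad:
        print("rejected:", raw, "-", reason)
```

A dot is outside the allowed class, so the check accepts single labels only; a client that sends a full domain name is rejected rather than having its first label trusted.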
Re: Logging issue with bind
On Fri, 17 Feb 2012, Mark Andrews wrote:
> > Do:
> >
> > rndc querylog
>
> or "querylog yes;"

But the previous email showed rndc status had:

    query logging is ON
Re: Logging issue with bind
On Feb 16 2012, Phil Mayers wrote:
> On 02/16/2012 09:48 AM, Raven wrote:
> > Hi guys.
> > I am currently trying to setup query logging with bind on a debian
> > server, but I seem unable to.
> > I have the exact same setup on another debian box and it works
> > flawlessly. I've been scratching my head all morning..
> >
> > My configuration:
> > /etc/bind/named.conf:
> >
> > logging {
> >     channel munin_log {
> >         file "/var/log/bind9/query.log" versions 30 size 15m;
> >         severity dynamic;
>
> "severity dynamic" starts at 0 i.e. off.

No, 0 is equivalent to "info", except in one case:

ARM> The default_debug channel has the special property that it only
ARM> produces output when the server's debug level is nonzero.

It's actually quite a pain that one can't define one's own channels with that "special property".

--
Chris Thompson
Email: c...@cam.ac.uk
Re: Logging issue with bind
On Thu, 2012-02-16 at 09:55 -0600, Jeremy C. Reed wrote:
> On Fri, 17 Feb 2012, Mark Andrews wrote:
>
> > > Do:
> > >
> > > rndc querylog
> >
> > or "querylog yes;"
>
> But the previous email showed rndc status had:
>
> query logging is ON

Indeed. I tried disabling and re-enabling it, but to no avail.
Don't really know where to look now..

-RV
Re: Logging issue with bind
On 02/16/2012 06:02 PM, Chris Thompson wrote:
> > "severity dynamic" starts at 0 i.e. off.
>
> No, 0 is equivalent to "info", except in one case:

Ah, my mistake. I took a quick look at the poster's config and saw this as the only difference from our standard one, hence called it out.

Sorry for the confusion.
Re: State diagram for DNSsec key lifecycle
On 14.02.2012 at 16:33, Axel Rau wrote:
>
> On 13.02.2012 at 19:48, Axel Rau wrote:
>
>> Here is the next revision with comments from Mark and Jeff incorporated
>> (same URL):
>>
>> https://www.chaos1.de/svn-public/repos/network-tools/DNSsec/trunk/dnssec_key_states.pdf
>> I'm still unsure about submitting the follow-up DS while its KSK not yet
>> active.
>> Please review carefully and comment. Simplifications are also welcome.
> From state 'KSK2 active KSK1 inactive' to state 'DS1 retired from parent' the
> diagram shows a delay of MD.
> Keeping the DS after inactivity of its KSK makes no sense to me.
>
> What do you mean?

Due to lack of input, I did a major rework of the diagram, based on NIST 800-81r1.

Axel
---
PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
possible to create simple DNS server that effects mapping network drive?
Hi,

I'm new to BIND, and was wondering if it would be a good fit for my application. I need to map a remote Linux CentOS 6.2 drive onto my Mac Snow Leopard machine. I currently use Panic Transmit for this. The mapping process uses SFTP protocol and results in the hostname of: host3.mydomain.com. So every time the Mac contacts the server, it enters the server port 80 using a hostname of host3.mydomain.com. I cannot change this within Panic Transmit, but I need this network drive to have any name other than host3.mydomain.com. That is the requests coming from the Mac must enter port 80 using a hostname other than host3.mydomain.com.

Is there a way I can (easily, I'm not a Linux system admin) use BIND as a DNS server to change the mapped network drive name (to anything other than host3.mydomain.com), without affecting other parts of the server (it can't have any effect on the httpd.conf file used by Apache webserver, which is auto-configured using Cpanel based on the hostname of the server)?

Looking at /etc/hosts, I see there are a few aliases for the IP of the server, maybe we can use one of those (or something else)?:

    # more /etc/hosts
    ...
    xx.xxx.xxx.196 host3.mydomain.com host3 ns1.mydomain.com
    ...

I used yum list bind to see I have bind.x86_64 (32:9.7.3-8.P3.el6_2.2) already installed on the CentOS 6.2 server.

Please don't assume much prior knowledge in your responses (although I know my way around Linux somewhat, I don't know much about DNS servers).

Thanks in advance.
Re: possible to create simple DNS server that effects mapping network drive?
Never mind on this question... I seem to have stumbled upon a simpler approach that holds promise. Will send out again if things change. Sorry for any confusion.

- Original Message -
From: modjkl...@comcast.net
To: bind-users@lists.isc.org
Sent: Thursday, February 16, 2012 6:49:28 PM
Subject: possible to create simple DNS server that effects mapping network drive?

Hi,

I'm new to BIND, and was wondering if it would be a good fit for my application. I need to map a remote Linux CentOS 6.2 drive onto my Mac Snow Leopard machine. I currently use Panic Transmit for this. The mapping process uses SFTP protocol and results in the hostname of: host3.mydomain.com. So every time the Mac contacts the server, it enters the server port 80 using a hostname of host3.mydomain.com. I cannot change this within Panic Transmit, but I need this network drive to have any name other than host3.mydomain.com. That is the requests coming from the Mac must enter port 80 using a hostname other than host3.mydomain.com.

Is there a way I can (easily, I'm not a Linux system admin) use BIND as a DNS server to change the mapped network drive name (to anything other than host3.mydomain.com), without affecting other parts of the server (it can't have any effect on the httpd.conf file used by Apache webserver, which is auto-configured using Cpanel based on the hostname of the server)?

Looking at /etc/hosts, I see there are a few aliases for the IP of the server, maybe we can use one of those (or something else)?:

    # more /etc/hosts
    ...
    xx.xxx.xxx.196 host3.mydomain.com host3 ns1.mydomain.com
    ...

I used yum list bind to see I have bind.x86_64 (32:9.7.3-8.P3.el6_2.2) already installed on the CentOS 6.2 server.

Please don't assume much prior knowledge in your responses (although I know my way around Linux somewhat, I don't know much about DNS servers).

Thanks in advance.