Announcing WinBIND for anyone using BIND on Windows
Hi all, I mentioned a while ago that I run BIND on Windows and have written a few tools to assist me in monitoring and reporting on my BIND query logs. I'm pleased to announce that I've now packaged these and released them as free to use, with the unimaginative name of "WinBIND". WinBIND consists of a Windows service which parses and uploads BIND query logs to a specified SQL Server on a schedule. It includes a few additional niceties such as maintaining a pair of Windows Firewall rules to try and mitigate the participation of a Windows BIND server in a DNS DDoS attack against an unsuspecting victim, along with some useful reports on usage. It is my intention to continue developing the tool and adding features as I need them. For more information, or to download a copy of WinBIND, please visit my site at the link below. This site also contains some guides for installing and maintaining BIND on Windows. My thanks to Vicky for also including links to my site on the BND resources page of the ISC website. https://www.winbind.org Any feedback from fellow BIND on Windows users would be warmly welcomed, obviously off-list. Best, Richard. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dnstap shows little logging at debug 10
I can't seem to get any debug information out of BIND for troubleshooting
a dnstap problem I am having.
I have a CentOS 8.3.2011 VM with the COPR packages installed.
My /etc/opt/isc/scls/isc-bind/named.conf :
options {
directory "/var/opt/isc/scls/isc-bind/named/data";
listen-on { any; };
listen-on-v6 { any; };
dnssec-validation auto;
dnstap {all;};
// dnstap-output unix
"/var/opt/isc/scls/isc-bind/run/named/dnstap.sock";
dnstap-output unix
"/var/opt/isc/scls/isc-bind/log/named/dnstap.sock";
dnstap-identity "dnstap01.ldschurch.org";
dnstap-version "bind-9.16.12";
};
logging {
[SNIP]
channel dnstap_log {
file "/var/opt/isc/scls/isc-bind/log/named/dnstap" versions 3
size 20m;
print-time yes;
print-category yes;
print-severity yes;
severity debug 10;
};
[SNIP]
category dnstap { dnstap_log; default_debug; };
};
On startup, the /var/opt/isc/scls/isc-bind/log/named/dnstap file is
created, but no information is logged:
4 -rw-r--r--. 1 named named system_u:object_r:named_log_t:s054 Mar
1 16:23 dnstap
This is despite /var/log/messages having the following line:
opening dnstap destination
'/var/opt/isc/scls/isc-bind/log/named/dnstap.sock'
Which I would have expected to see logged in
/var/opt/isc/scls/isc-bind/log/named/dnstap . On shutdown, this single
entry is logged in /var/opt/isc/scls/isc-bind/log/named/dnstap:
01-Mar-2021 16:23:31.597 dnstap: info: closing dnstap
There is nothing relevant in /var/log/audit/audit.log, so I don't think it
is SELinux related, especially since there is successful log entry on
shutdown.
I have tried changing the severity level from "info", to "debug 1", to
"debug 3", and then to "debug 10", but I can't seem to get any more
information out other than the single message about "closing dnstap".
Any idea what I am doing wrong?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: dnstap shows little logging at debug 10
Do you have something reading the pipe?
> On 2 Mar 2021, at 10:30, Adam Augustine wrote:
>
> I can't seem to get any debug information out of BIND for troubleshooting a
> dnstap problem I am having.
>
> I have a CentOS 8.3.2011 VM with the COPR packages installed.
>
> My /etc/opt/isc/scls/isc-bind/named.conf :
> options {
> directory "/var/opt/isc/scls/isc-bind/named/data";
> listen-on { any; };
> listen-on-v6 { any; };
> dnssec-validation auto;
> dnstap {all;};
> // dnstap-output unix "/var/opt/isc/scls/isc-bind/run/named/dnstap.sock";
> dnstap-output unix "/var/opt/isc/scls/isc-bind/log/named/dnstap.sock";
> dnstap-identity "dnstap01.ldschurch.org";
> dnstap-version "bind-9.16.12";
> };
>
> logging {
> [SNIP]
> channel dnstap_log {
> file "/var/opt/isc/scls/isc-bind/log/named/dnstap" versions 3 size
> 20m;
> print-time yes;
> print-category yes;
> print-severity yes;
> severity debug 10;
> };
> [SNIP]
> category dnstap { dnstap_log; default_debug; };
> };
>
> On startup, the /var/opt/isc/scls/isc-bind/log/named/dnstap file is created,
> but no information is logged:
>
> 4 -rw-r--r--. 1 named named system_u:object_r:named_log_t:s054 Mar
> 1 16:23 dnstap
>
> This is despite /var/log/messages having the following line:
>
> opening dnstap destination '/var/opt/isc/scls/isc-bind/log/named/dnstap.sock'
>
> Which I would have expected to see logged in
> /var/opt/isc/scls/isc-bind/log/named/dnstap . On shutdown, this single entry
> is logged in /var/opt/isc/scls/isc-bind/log/named/dnstap:
>
> 01-Mar-2021 16:23:31.597 dnstap: info: closing dnstap
>
> There is nothing relevant in /var/log/audit/audit.log, so I don't think it is
> SELinux related, especially since there is successful log entry on shutdown.
>
> I have tried changing the severity level from "info", to "debug 1", to "debug
> 3", and then to "debug 10", but I can't seem to get any more information out
> other than the single message about "closing dnstap".
>
> Any idea what I am doing wrong?
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
