Re: Bind query logging
Hi Zoltan,
I don't see the "default" category defined there. The default is
syslog I believe. This might be why you are getting some logs in
syslog: see:
https://bind9.readthedocs.io/en/v9_18_11/reference.html#logging-block-definition-and-usage
for further info.
Perhaps define category default { } and a channel { } to go with it?
I have this in my server:
channel primary_log {
file "/var/log/named/primary.log" versions 10 size 10m;
severity info;
print-time local;
print-category yes;
print-severity yes;
};
category default {
primary_log;
};
Thank you,
Darren Ankney
On Sat, Jun 10, 2023 at 1:01 AM Kereszt Vezeték wrote:
>
> Hi
>
> logging {
> channel update_log {
> file "/var/log/bind/updates/update-debug.log" versions
> 5 size 20m;
> severity warning;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> category update { update_log; };
>
> channel zone_transfers_log {
> file "/var/log/bind/xfer/zone-transfers.log" versions
> 5 size 20m;
> severity debug;
> print-time yes;
> print-category yes;
> print-severity yes;
> };
> category xfer-in { zone_transfers_log; };
> category xfer-out { zone_transfers_log; };
>
> channel query_log {
> file "/var/log/bind/queries/query.log" versions 10 size 50m;
> severity info;
> print-category yes;
> print-severity yes;
> print-time yes;
> };
> category config { query_log; };
> category queries { query_log; };
> };
> Thanks
>
> On Fri, Jun 9, 2023 at 10:57 PM Darren Ankney wrote:
> >
> > Hi Zoltan,
> >
> > Can you share your entire logging {} block? Maybe there will be some
> > clue there.
> >
> > Thank you,
> >
> > Darren Ankney
> >
> > On Fri, Jun 9, 2023 at 8:14 AM Kereszt Vezeték wrote:
> > >
> > > Hi Everybody !
> > >
> > > I have bind9 server with query logging setup.
> > > It work well, but all of query registration logged is /var/log/syslog
> > > file.
> > > Can I avoid that duplicated logging ? I would like see only separated log
> > > file.
> > > Related configuration ( debian11 )
> > >
> > > ---
> > > channel query_log {
> > > file "/var/log/bind/queries/query.log" versions 10 size
> > > 50m;
> > > severity info;
> > > print-category yes;
> > > print-severity yes;
> > > print-time yes;
> > > };
> > > category config { query_log; };
> > > category queries { query_log; };
> > > -
> > >
> > > Thank You
> > > regards
> > > zoltan
> > > --
> > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> > > from this list
> > >
> > > ISC funds the development of this software with paid support
> > > subscriptions. Contact us at https://www.isc.org/contact/ for more
> > > information.
> > >
> > >
> > > bind-users mailing list
> > > bind-users@lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> > this list
> >
> > ISC funds the development of this software with paid support subscriptions.
> > Contact us at https://www.isc.org/contact/ for more information.
> >
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Controlling which interface named uses
On Fri 09/Jun/2023 18:32:25 +0200 Anand Buddhdev wrote: On 09/06/2023 17:26, Alessandro Vesely wrote: Having two WANs, it would be reasonable, in case one doesn't work, to try the other one. However, it's always useless to try the LAN. Is there any way to configure which interface is used for outgoing queries? You can configure "query-source" and "query-source-v6" in named.conf, to tell BIND which interface to use for outgoing queries. Thank you, Anand; I hadn't found those statements. However, they take a single address only. I'm not as much concerned about IP version as about availability. Enabling IPv6 looks nice as I see queries going out through an interface which is not the default. But will named turn back to the default interface in case the IPv6 link goes down? Keep in mind that links sometimes seem to be up, as they're connected to a PPP peer or router, for example, but don't actually work. Knowing that UDP entails multiple attempts, it would be great to have, say, even attempts on wan0 and odd ones on wan1. If that's not possible, perhaps I could look for ways to configure it using dscp. Any hint? Best Ale -- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Controlling which interface named uses
You are over-complicating things. If unconfigured, named binds the outgoing UDP to 0.0.0.0 (::0), which means the chosen IP address is picked by the kernel. You need to configure priorities on your interfaces in the kernel - ip route is your friend. And for goddess’ sake, don’t do anything wild like proposed round robin across default routes. That would be a living hell to debug. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 10. 6. 2023, at 18:55, Alessandro Vesely wrote: > > On Fri 09/Jun/2023 18:32:25 +0200 Anand Buddhdev wrote: >>> On 09/06/2023 17:26, Alessandro Vesely wrote: >>> Having two WANs, it would be reasonable, in case one doesn't work, to try >>> the other one. However, it's always useless to try the LAN. Is there any >>> way to configure which interface is used for outgoing queries? >> You can configure "query-source" and "query-source-v6" in named.conf, to >> tell BIND which interface to use for outgoing queries. > > > Thank you, Anand; I hadn't found those statements. However, they take a > single address only. > > I'm not as much concerned about IP version as about availability. Enabling > IPv6 looks nice as I see queries going out through an interface which is not > the default. But will named turn back to the default interface in case the > IPv6 link goes down? > > Keep in mind that links sometimes seem to be up, as they're connected to a > PPP peer or router, for example, but don't actually work. Knowing that UDP > entails multiple attempts, it would be great to have, say, even attempts on > wan0 and odd ones on wan1. If that's not possible, perhaps I could look for > ways to configure it using dscp. Any hint? > > > Best > Ale > -- > > > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Controlling which interface named uses
The other approach might be the up/down scripts on your ppp connection that will reconfigure the query-source(-v6) address as the connection is established or tore down. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 10. 6. 2023, at 19:24, Ondřej Surý wrote: > > You are over-complicating things. If unconfigured, named binds the outgoing > UDP to 0.0.0.0 (::0), which means the chosen IP address is picked by the > kernel. You need to configure priorities on your interfaces in the kernel - > ip route is your friend. > > And for goddess’ sake, don’t do anything wild like proposed round robin > across default routes. That would be a living hell to debug. > > Ondřej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not feel > obligated to reply outside your normal working hours. > >> On 10. 6. 2023, at 18:55, Alessandro Vesely wrote: >> >> On Fri 09/Jun/2023 18:32:25 +0200 Anand Buddhdev wrote: > On 09/06/2023 17:26, Alessandro Vesely wrote: > Having two WANs, it would be reasonable, in case one doesn't work, to try > the other one. However, it's always useless to try the LAN. Is there > any way to configure which interface is used for outgoing queries? >>> You can configure "query-source" and "query-source-v6" in named.conf, to >>> tell BIND which interface to use for outgoing queries. >> >> >> Thank you, Anand; I hadn't found those statements. However, they take a >> single address only. >> >> I'm not as much concerned about IP version as about availability. Enabling >> IPv6 looks nice as I see queries going out through an interface which is not >> the default. But will named turn back to the default interface in case the >> IPv6 link goes down? >> >> Keep in mind that links sometimes seem to be up, as they're connected to a >> PPP peer or router, for example, but don't actually work. Knowing that UDP >> entails multiple attempts, it would be great to have, say, even attempts on >> wan0 and odd ones on wan1. If that's not possible, perhaps I could look for >> ways to configure it using dscp. Any hint? >> >> >> Best >> Ale >> -- >> >> >> >> >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Controlling which interface named uses
On Sat 10/Jun/2023 19:32:31 +0200 Ondřej Surý wrote: The other approach might be the up/down scripts on your ppp connection that will reconfigure the query-source(-v6) address as the connection is established or tore down. Cute! Thank you. Best Ale -- -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
