Re: Logging with Unencrypted DNS, DoT and DoH

2024-09-19 Thread Borja Marcos via bind-users
> On 17 Sep 2024, at 22:39, Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users > wrote: > > Hello, > BIND 9.18.7 > RHEL 8.10 (Ootpa) > I am being asked if it is possible to differentiate the percentage of > queries coming into a server that are unencrypted, DoT and DoH. > Example: For

RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread John W. Blue via bind-users
Ralph, You already may be aware of the BIND webinars put on by ISC and presented by Carsten: https://www.isc.org/docs/BIND_9webinar2.pdf https://www.youtube.com/watch?v=7Uu6XvY68SM If not, spend some time watching the video and would like to point out that slide 12 lists several COTS vendors

RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread Richard T.A. Neal
Hi Ralph, I don't believe this is presently possible but it's being considered for future development. Please see the following Issue Ticket for more details: https://gitlab.isc.org/isc-projects/bind9/-/issues/2748 Best, Richard. From: bind-users On Behalf Of Bischof, Ralph F. (MSFC-IS64)[A

Re: Logging statements w.r.t. view in Bind 9.16.18

2021-08-24 Thread Chris Buxton
Original Message - > From: bind-users@lists.isc.org > To: bind-users@lists.isc.org > Sent: Tuesday, August 24, 2021 5:37:35 PM > Subject: Re: Logging statements w.r.t. view in Bind 9.16.18 > > Hi there, > > On Tue, 24 Aug 2021, Gaurav Kansal wrote: > >> I want a

Re: Logging statements w.r.t. view in Bind 9.16.18

2021-08-24 Thread Gaurav Kansal
- From: bind-users@lists.isc.org To: bind-users@lists.isc.org Sent: Tuesday, August 24, 2021 5:37:35 PM Subject: Re: Logging statements w.r.t. view in Bind 9.16.18 Hi there, On Tue, 24 Aug 2021, Gaurav Kansal wrote: > I want a clarity whether we can have individual logging statement > pe

Re: Logging statements w.r.t. view in Bind 9.16.18

2021-08-24 Thread G.W. Haywood via bind-users
Hi there, On Tue, 24 Aug 2021, Gaurav Kansal wrote: I want a clarity whether we can have individual logging statement per view basis ? Whatever i found on google, i think we can't. My use case for separate logging statement is as follows - In my recursive server, i have 2 views, one for my in

Re: Logging on a Bind server

2020-10-22 Thread Tony Finch
senthan.sivasunda...@szkb.ch wrote: > One Day it came an alert from Cybereason (Antivirus-Software), that our > Bind server tried to Connect to a suspicious domain "ns2.honeybot.us". > But I couldn't find the log, which domain the BIND server was searching > for, so that the BIND server has to c

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos
> On 20 Oct 2020, at 18:02, Chuck Aurora wrote: > > On 2020-10-20 10:34, Borja Marcos wrote: >>> On 20 Oct 2020, at 17:28, Rick Dicaire wrote: >>> On Tue, Oct 20, 2020 at 10:17 AM wrote: >>> Dear BIND-Users, >>> Does someone has an idea, which log I have to activate. > > While everything Bo

Re: Logging on a Bind server

2020-10-20 Thread Chuck Aurora
On 2020-10-20 10:34, Borja Marcos wrote: On 20 Oct 2020, at 17:28, Rick Dicaire wrote: On Tue, Oct 20, 2020 at 10:17 AM wrote: Dear BIND-Users, Does someone has an idea, which log I have to activate. While everything Borja says below, and what Kevin said in the other subthread, is absolutel

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] Sorry to follow up on my own post, but I feel I should add a caveat about blocking IPs -- the resolution of ns2.honeypot.us could *change* over time, so an IP-based block might not be effective in the long term, and in fact might cause more harm than good

Re: Logging on a Bind server

2020-10-20 Thread Borja Marcos
> On 20 Oct 2020, at 17:28, Rick Dicaire wrote: > > On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone has an idea, which log I have to activate. > > > Do you have querylog enabled? Querylog is not enough. It will tell you which clients are sending which queries,

Re: Logging on a Bind server

2020-10-20 Thread Rick Dicaire
On Tue, Oct 20, 2020 at 10:17 AM wrote: > Dear BIND-Users, > > Does someone has an idea, which log I have to activate. > Do you have querylog enabled?

Re: Logging on a Bind server

2020-10-20 Thread Kevin Darcy
[ Classification Level: GENERAL BUSINESS ] According to securitytrails.com (for instance), there are over 3,000 domains hosted on ns2.honeybot.us (securitytrails only shows the first few domains hosted -- to see more, one presumably needs a subscription to their service). If one of your clients l

Re: Logging of notify sending

2019-05-28 Thread Tony Finch
Greg Rivers wrote: > As Rick Dicaire said previously, "Notifications themselves don't use TSIG". Depends on your configuration :-) 28-May-2019 01:43:13.162 notify: info: client @0x5591b0877080 2001:630:212:8::d:aa#31085/key tsig-ipreg: view main: received notify for zone 'cam.ac

Re: Logging of notify sending

2019-05-26 Thread Rick Dicaire
On Sun, May 26, 2019 at 6:05 PM Rick Dicaire wrote: > dns2 named[23971]: client @0x7fa83ce341c0 192.168.15.1#37178/key > gw-zones: received notify for zone 'ldev': TSIG 'gw-zones' > > Seems I got it to work. Thanks Axel, and list. > While I see the receiving slave show TSIG in log message, does

Re: Logging of notify sending

2019-05-26 Thread Rick Dicaire
dns2 named[23971]: client @0x7fa83ce341c0 192.168.15.1#37178/key gw-zones: received notify for zone 'ldev': TSIG 'gw-zones' Seems I got it to work. Thanks Axel, and list. On Sun, May 26, 2019 at 4:37 PM Greg Rivers wrote: > On Sunday, May 26, 2019 11:51:38 AM CDT Axel Rau wrote: > > > > > Am 2

Re: Logging of notify sending

2019-05-26 Thread Greg Rivers
On Sunday, May 26, 2019 11:51:38 AM CDT Axel Rau wrote: > > > On 26.05.2019 at 18:38, Rick Dicaire wrote: > > > A quick google search of "bind also-notify key" returns: > > > > https://kb.isc.org/docs/aa-00851 > > https://kb.isc.org/docs/aa-00296 > > > > Looks like keys provide a means to dif

Re: Logging of notify sending

2019-05-26 Thread Axel Rau
> On 26.05.2019 at 18:38, Rick Dicaire wrote: > A quick google search of "bind also-notify key" returns: > > https://kb.isc.org/docs/aa-00851 > https://kb.isc.org/docs/aa-00296 > > Looks like keys provide a means to differentiate views. ARM for bind 9.14.1 says on page 24: For example, a k

Re: Logging of notify sending

2019-05-26 Thread Rick Dicaire
> On Sun, May 26, 2019 at 3:43 AM Axel Rau wrote: > So what for is the optional key in the also-notify statement? A quick google search of "bind also-notify key" returns: https://kb.isc.org/docs/aa-00851 https://kb.isc.org/docs/aa-00296 Looks like keys provide a means to differentiate views.

Re: Logging of notify sending

2019-05-26 Thread Axel Rau
> On 26.05.2019 at 00:24, Greg Rivers wrote: > > On Saturday, May 25, 2019 4:07:45 PM CDT Axel Rau wrote: >>> On 25.05.2019 at 22:30, Anand Buddhdev wrote: >>> 25-May-2019 10:00:02.589 notify: zone 2.in-addr.arpa/IN: sending notifies >>> (serial 1558778402) >> >> Yes, but even with debug 8

Re: Logging of notify sending

2019-05-25 Thread Greg Rivers
On Saturday, May 25, 2019 4:07:45 PM CDT Axel Rau wrote: > > On 25.05.2019 at 22:30, Anand Buddhdev wrote: > > 25-May-2019 10:00:02.589 notify: zone 2.in-addr.arpa/IN: sending notifies > > (serial 1558778402) > > Yes, but even with debug 8, I get only this summary. > No chance to get a log entry

Re: Logging of notify sending

2019-05-25 Thread Axel Rau
> On 25.05.2019 at 22:30, Anand Buddhdev wrote: > > 25-May-2019 10:00:02.589 notify: zone 2.in-addr.arpa/IN: > sending > notifies (serial 1558778402) Yes, but even with debug 8, I get only this summary. No chance to get a log entry per server and the TSIG key in use. Thanks,

Re: Logging of notify sending

2019-05-25 Thread Rick Dicaire
If you've configured TSIG, syslog will show it as I have indicated previously. Notifications themselves don't use TSIG: May 25 13:46:32 dns1 named[28905]: zone dhcp.ldev/IN: sending notifies (serial 2017051322) May 25 13:46:32 dns2 named[23971]: client @0x7fa834ee9ee0 192.168.15.1#63456: received

Re: Logging of notify sending

2019-05-25 Thread Anand Buddhdev
On 25/05/2019 18:26, Axel Rau wrote: Hi Axel, > category notify seems to cover reception of notifies. > How can I log sending of notifies? > I want to check, if the TSIG key is being used for the notify. > > tcpdump seems not to show any keys. BIND *does* log sending notifies, in the "notify" c

Re: Logging of notify sending

2019-05-25 Thread Axel Rau
> On 25.05.2019 at 21:02, Rick Dicaire wrote: > > > > On Sat, May 25, 2019 at 12:27 PM Axel Rau > wrote: > Hi all, > > category notify seems to cover reception of notifies. > How can I log sending of notifies? > I want to check, if the TSIG key is being used for

Re: Logging of notify sending

2019-05-25 Thread Rick Dicaire
On Sat, May 25, 2019 at 12:27 PM Axel Rau wrote: > Hi all, > > category notify seems to cover reception of notifies. > How can I log sending of notifies? > I want to check, if the TSIG key is being used for the notify. > > Have you looked at syslog? You should see similar to: May 25 13:04:28 dn

Re: Logging ECS information for RPZ rewrites

2018-05-16 Thread Tony Finch
Brian Keifer wrote: > > The architecture I've been working with so far is a pair of front-end proxy > servers running keepalived to share a virtual IP and PowerDNS's dnsdist as > the actual proxy. The proxies set ECS to the client's IP address and pass > the request to one of four back-end cachin

Re: Logging resolved IP

2017-09-19 Thread Tony Finch
Mukund Sivaraman wrote: > On Tue, Sep 19, 2017 at 05:16:36PM +0200, Job wrote: > > > > is there a way to log resolved IP in Bind log files? > > I am able to do it with tcpdump, but i do not like a "sniffering" solution! > > Turn up logging level to over 10, such as named -d 11. It will then log >

Re: Logging resolved IP

2017-09-19 Thread Alberto Colosi
strange as need , see channels inside logging engine is user query log , create a log channel for queries done it does not change if done from a client or another dns really it is a huge volume log (depending on number of queries) From: bind-users on beha

Re: Logging resolved IP

2017-09-19 Thread Mukund Sivaraman
On Tue, Sep 19, 2017 at 05:16:36PM +0200, Job wrote: > Hi guys, > > is there a way to log resolved IP in Bind log files? > Example: > www.google.com 4.3.2.1 > > I am able to do it with tcpdump, but i do not like a "sniffering" solution! Turn up logging level to over 10, such as named -d 11. It w

Re: Logging to syslog

2016-12-07 Thread sthaug
> > What exactly does "slow down" mean here? Are you missing messages in > > the log files? Or are requests not answered in a timely fashion? > > > > "slow down" means an increment in the time consumed by bind to answer a > query. > "heavy load" means about 20 millions query / day per machine, wit

Re: Logging to syslog

2016-12-07 Thread Ivan Fabris
2016-12-07 8:27 GMT+01:00 Peter Rathlev : > stores _everything_, including debug messages from "execute", you might > want "Storage=volatile" there as well. You probably already have > thanks, i missed this volatile thing > What exactly does "slow down" mean here? Are you missing messages in >

Re: Logging to syslog

2016-12-06 Thread Peter Rathlev
On Tue, 2016-12-06 at 13:23 +0100, Ivan Fabris wrote: > I set up some dns logging to syslog ( rsyslog actually ), which > forwards local1.* and local2.* to a remote rsyslog [...] > Both syslog, and journalctl, have all the rate limits set to infinite > ( all that I could find ) Urgh... journalctl.

Re: Logging question about message 'update-security: error: client update denied'

2016-05-17 Thread Josh Nielsen
Okay, yeah I am running DHCP on the same server so I'll check its settings. Thanks! On Mon, May 16, 2016 at 6:08 PM, Matthew Pounsett wrote: > > > On 16 May 2016 at 19:03, Josh Nielsen wrote: > >> Thank you for the response Mark. I'm still a little confused at what this >> might mean though. C

Re: Logging question about message 'update-security: error: client update denied'

2016-05-17 Thread Matus UHLAR - fantomas
In message , Josh Nielsen writes: I have a message that has been showing up in my master DNS server's log over the past few weeks and I am wondering if I can find more verbose specifics from debugging messages in BIND somehow. The message looks like this: May 16 10:52:16 dns01 named[2591]: 1

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Matthew Pounsett
On 16 May 2016 at 19:03, Josh Nielsen wrote: > Thank you for the response Mark. I'm still a little confused at what this > might mean though. Clearly the originating address is my slave DNS server > (every single one of the messages say "error: client 10.20.0.101"). > > Are you saying that some p

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Josh Nielsen
Could it maybe be dhcp related? On Mon, May 16, 2016 at 6:03 PM, Josh Nielsen wrote: > Thank you for the response Mark. I'm still a little confused at what this > might mean though. Clearly the originating address is my slave DNS server > (every single one of the messages say "error: client 10.2

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Josh Nielsen
Thank you for the response Mark. I'm still a little confused at what this might mean though. Clearly the originating address is my slave DNS server (every single one of the messages say "error: client 10.20.0.101"). Are you saying that some process other than named on the same server (10.20.0.101)

Re: Logging question about message 'update-security: error: client update denied'

2016-05-16 Thread Mark Andrews
In message , Josh Nielsen writes: > Hello, > > I have a message that has been showing up in my master DNS server's log > over the past few weeks and I am wondering if I can find more verbose > specifics from debugging messages in BIND somehow. > > The message looks like this: > > May 16 10:5

Re: logging bug for rpz at load-time?

2015-09-03 Thread Evan Hunt
On Thu, Sep 03, 2015 at 03:30:43PM +0100, Phil Mayers wrote: > I'm a tiny bit uncomfortable exposing the detailed config here given > what it does. You can open a bug ticket at bind9-b...@isc.org. ISC's bug database is closed and confidential for this exact reason. -- Evan Hunt -- e...@isc.org

Re: logging bug for rpz at load-time?

2015-09-03 Thread Phil Mayers
On 03/09/15 15:14, Mukund Sivaraman wrote: The numbers are overall counts for that view, after the contents of that policy zone have been loaded. Cumulatively, they should match the number of records in your policy zones (named starts with empty RPZ state). In that case, those counts are absol

Re: logging bug for rpz at load-time?

2015-09-03 Thread Mukund Sivaraman
Hi Phil On Thu, Sep 03, 2015 at 01:22:48PM +0100, Phil Mayers wrote: > Minor cosmetic bug, but we're seeing logs like: > > 03-Sep-2015 12:18:50.751 (re)loading policy zone 'rpz.' changed from > 0 to 77406 qname, 0 to 0 nsdname, 769 to 771 IP, 0 to 0 NSIP, 0 to 0 > CLIENTIP entries > > 03-Sep-201

Re: logging via named.conf

2014-05-31 Thread /dev/rob0
On Wed, May 28, 2014 at 09:58:39PM -0700, Jim Pazarena wrote: > Is there an easy way in the named.conf logging to > have ALL logging go to local2 ? > > I've created: > > logging { >channel syslog-local2 { > syslog local2; > print-category yes; > print-severity yes; >

Re: logging query time

2013-11-13 Thread Mike Hoskins (michoski)
-Original Message- From: Birta Levente Date: Wednesday, November 13, 2013 3:29 PM To: "bind-users@lists.isc.org" Subject: logging query time >Hi > >I have a caching nameserver (bind 9.8.2) and I curious if I can log the >duration of queries to the forwarders? not that i know of easily (

Re: Logging

2013-01-11 Thread Dave Sparro
On 1/8/2013 8:19 AM, Timothe Litt wrote: What I think would be more useful is if named actually reported the issues to where they'd do some good. Perhaps a DNS extension "I got an invalid message from you" - so it shows up in the log of the server (and administrator) with the problem. (I'd wo

Re: Logging

2013-01-08 Thread Timothe Litt
You might as well solve world poverty and cure cancer while you're at it. :-) Maybe tomorrow. How do you notify someone -- good luck getting valid contact data for the domain holder As I suggested - if we put data into a database/trouble list, shame should work. Or their customers will find i

Re: Logging

2013-01-08 Thread WBrown
Timothe Litt wrote on 01/08/2013 08:19:56 AM: > What I think would be more useful is if named actually reported the > issues to where they'd do some good. Perhaps a DNS extension "I got an > invalid message from you" - so it shows up in the log of the server (and > administrator) with the pr

Re: Logging

2013-01-08 Thread Sten Carlsen
On 08/01/13 14:19, Timothe Litt wrote: >> 1. Should ISC change the default logging for lame servers to disabled? > > Well, since you asked: the lame server logging goes back to when the > internet was a small, collegial place and one wrote a quick note to a > friend to fix these issues. And peop

Re: Logging no such name

2012-11-20 Thread Chris Buxton
On Nov 19, 2012, at 3:32 AM, Artemis Braja wrote: > Hello, > > I've been using BIND 9.8 for some time but I can't find a way to log "no such > name" or "noanswer" responses with bind logging clause. > > Actually I'm able to log by setting the debug level to 3, but yet it's too > hard to parse i

Re: logging to syslog on another host?

2012-05-30 Thread Sten Carlsen
Hi Thanks for good answers, I now know what to do and how to proceed. Thanks. On 30/05/12 13:17, Matus UHLAR - fantomas wrote: > On 30.05.12 12:16, Sten Carlsen wrote: >> I was considering to use the syslog on a different host for logging from >> bind. The purpose was to collect logs from vario

Re: logging to syslog on another host?

2012-05-30 Thread Matus UHLAR - fantomas
On 30.05.12 12:16, Sten Carlsen wrote: I was considering to use the syslog on a different host for logging from bind. The purpose was to collect logs from various places into one repository. [...] Can bind send its logging output to an external syslog? Not directly. However, that is what sysl

Re: logging to syslog on another host?

2012-05-30 Thread David Monro
I think the normal way to do this is run a syslog server on the host running bind, which is configured to just forward all log messages to the remote syslog server. Otherwise, bind would have to implement the syslog network protocol(s) itself, rather than just use the system standard local syslog f

Re: logging to syslog on another host?

2012-05-30 Thread Giles Coochey
On 30/05/2012 11:16, Sten Carlsen wrote: Hi I was considering to use the syslog on a different host for logging from bind. The purpose was to collect logs from various places into one repository. This is not a busy installation so performance is not expected to be a problem. I looked in t

Re: logging to syslog on another host?

2012-05-30 Thread Mark Andrews
It's syslogd's job to relay messages to other servers. You need to configure syslogd to do this for named. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: logging to syslog on another host?

2012-05-30 Thread Jaco Lesch
Sten The syslog daemon on the machine where BIND runs on will send the syslog messages to the central syslog server. So you need to configure your syslog.conf file to send the facility that BIND uses, normally daemon, to the remote syslog server. The syslog.conf on Solaris looks something lik

Re: Logging issue with bind

2012-02-17 Thread Jeremy C. Reed
On Fri, 17 Feb 2012, Andrea Gozzi wrote: > All further tests haven't produced any results. Any related log messages in your other named logging about it. (Maybe some isc_stdio_open error for example?) Why were the permissions of your log file rwxrwxrwx? (Why executable? Why writable by other?)

Re: Logging issue with bind

2012-02-17 Thread Andrea Gozzi
On Thu, 2012-02-16 at 19:06 +0100, Raven wrote: > On Thu, 2012-02-16 at 09:55 -0600, Jeremy C. Reed wrote: > > On Fri, 17 Feb 2012, Mark Andrews wrote: > > > > > > Do: > > > > > > > > rndc querylog > > > > > > or "querylog yes;" > > > > But the previous email showed rndc status had: > > > > qu

Re: Logging issue with bind

2012-02-16 Thread Phil Mayers
On 02/16/2012 06:02 PM, Chris Thompson wrote: "severity dynamic" starts at 0 i.e. off. No 0 is equivalent to "info", except in one case: Ah, my mistake. I took a quick look at the posters config and saw this as the only difference from our standard one, hence called it out. Sorry for the

Re: Logging issue with bind

2012-02-16 Thread Raven
On Thu, 2012-02-16 at 09:55 -0600, Jeremy C. Reed wrote: > On Fri, 17 Feb 2012, Mark Andrews wrote: > > > > Do: > > > > > > rndc querylog > > > > or "querylog yes;" > > But the previous email showed rndc status had: > > query logging is ON Indeed. I tried disabling and re-enabling it, but to

Re: Logging issue with bind

2012-02-16 Thread Chris Thompson
On Feb 16 2012, Phil Mayers wrote: On 02/16/2012 09:48 AM, Raven wrote: Hi guys. I am currently trying to setup query logging with bind on a debian server, but I seem unable to. I have the exact same setup on another debian box and it works flawlessly. I've been scratching my head all morning..

Re: Logging issue with bind

2012-02-16 Thread Jeremy C. Reed
On Fri, 17 Feb 2012, Mark Andrews wrote: > > Do: > > > > rndc querylog > > or "querylog yes;" But the previous email showed rndc status had: query logging is ON

Re: Logging issue with bind

2012-02-16 Thread Mark Andrews
In message <20120216121954.94...@gmx.net>, "Tom Schmitt" writes: > > > From: Raven > > > > > I am currently trying to setup query logging with bind on a debian > > > > server, but I seem unable to. > > > > > logging { > > > >channel munin_log { > > > > file "/var/log/bind9/query.log" v

Re: Logging issue with bind

2012-02-16 Thread Tom Schmitt
> From: Raven > > > I am currently trying to setup query logging with bind on a debian > > > server, but I seem unable to. > > > logging { > > >channel munin_log { > > > file "/var/log/bind9/query.log" versions 30 size 15m; > > > severity dynamic; > > "severity dynamic" starts at

Re: Logging issue with bind

2012-02-16 Thread Raven
On Thu, 2012-02-16 at 09:54 +, Phil Mayers wrote: > On 02/16/2012 09:48 AM, Raven wrote: > > Hi guys. > > I am currently trying to setup query logging with bind on a debian > > server, but I seem unable to. > > I have the exact same setup on another debian box and it works > > flawlessly. I've

Re: Logging issue with bind

2012-02-16 Thread Phil Mayers
On 02/16/2012 09:48 AM, Raven wrote: Hi guys. I am currently trying to setup query logging with bind on a debian server, but I seem unable to. I have the exact same setup on another debian box and it works flawlessly. I've been scratching my head all morning.. My configuration: /etc/bind/named.c

Re: Logging queries and answers

2011-10-06 Thread Alan Clegg
On 10/6/2011 7:27 AM, 风河 wrote: > On Thu, Oct 6, 2011 at 4:32 PM, Job wrote: >> Hello Bind-Users ML, >> >> is there a way, a patch or something else, in order to log: >> >> - date/time >> - client >> - request (es www.site.com) >> - reply (es. 1.1.1.1) >> >> in a file, without using debug log form

Re: Logging queries and answers

2011-10-06 Thread 风河
Have you read the BIND logging clause: http://www.zytrax.com/books/dns/ch7/logging.html On Thu, Oct 6, 2011 at 4:32 PM, Job wrote: > Hello Bind-Users ML, > > is there a way, a patch or something else, in order to log: > > - date/time > - client > - request (es www.site.com) > - reply (es. 1.1.1

Re: Logging question

2011-09-08 Thread Mark Andrews
update-security In message , wbr...@e1b.org writes: > Running an Ubuntu server with the distro provided named 9.4.2.df. After > taking ISC's Intro to DNS and BIND class, I've gotten the courage to > tackle some of the logging tweaks I would like. All the lame server > errors are hap

Re: Logging Response Results

2011-06-25 Thread Mats Dufberg
The .SE Registry has created a solution that stores queries and answers. PacketQ (replaces DNS2DB) PacketQ is a tool for analyzing PCAP-data, if can work with any packets but is designed primarily for DNS and ICMP-traffic. PacketQ reads, filters and groups the packets read from the PCAP-file

Re: Logging Response Results

2011-06-24 Thread Stephane Bortzmeyer
On Thu, Jun 23, 2011 at 02:31:22PM -0700, Ray Van Dolson wrote a message of 37 lines which said: > If you're handy with Python, pcapy[1] Quite limited. > and impacket[2] No IPv6 support. And, anyway, neither pcapy nor impacket parses the DNS (if you read French, see

Re: Logging Response Results

2011-06-24 Thread Stephane Bortzmeyer
On Thu, Jun 23, 2011 at 10:27:31PM +0200, Stefan Certic wrote a message of 65 lines which said: > stored into database (matching the initial query from query log). This may help: > We monitor our email system and may record your emails. Don't!

Re: Logging Response Results

2011-06-24 Thread Stefan Certic
Unfortunately not, since billing is per query based, and each zone can have different pricing. Also, results per query are very important for analytical purposes in order to be able to spot problems in case some of forward zones stop working and/or provide unacceptable success rates. Anyway, I a

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 2:28 PM, Stefan Certic wrote: > It is Enum server, and logging is taking care of billing process. I don't see why you need to preserve queries and responses, unless you plan to charge differently for different DNS requests. Can't you just track traffic per client using netfl

Re: Logging Response Results

2011-06-23 Thread Ray Van Dolson
On Thu, Jun 23, 2011 at 01:58:37PM -0700, Phil Mayers wrote: > On 06/23/2011 09:27 PM, Stefan Certic wrote: > > Thanks Chuck > > > > Yes, that would be a solution, but I need logs processed through syslog and > > stored into database (matching the initial query from query log). > > > > Parsing tcp

Re: Logging Response Results

2011-06-23 Thread Stefan Certic
It is Enum server, and logging is taking care of billing process. Flow is going something like this: - Accept Query - Write QueryLog through Syslog - Syslog do an insert into database. - Respond to query by asking forwarder or through local master zone (Everything fine till now) - Log response se

Re: Logging Response Results

2011-06-23 Thread Kevin Darcy
On 6/23/2011 4:27 PM, Stefan Certic wrote: Thanks Chuck Yes, that would be a solution, but I need logs processed through syslog and stored into database (matching the initial query from query log). Parsing tcpdump is not going to be suitable for highly loaded system. I was more looking for a s

Re: Logging Response Results

2011-06-23 Thread Phil Mayers
On 06/23/2011 09:27 PM, Stefan Certic wrote: Thanks Chuck Yes, that would be a solution, but I need logs processed through syslog and stored into database (matching the initial query from query log). Parsing tcpdump is not going to be suitable for highly loaded system. I was more looking for a

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 1:27 PM, Stefan Certic wrote: > Thanks Chuck > > Yes, that would be a solution, but I need logs processed through syslog and > stored into database (matching the initial query from query log). Why do you need to send this information via syslog to a database? > Parsing tcpd

Re: Logging Response Results

2011-06-23 Thread Stefan Certic
Thanks Chuck Yes, that would be a solution, but I need logs processed through syslog and stored into database (matching the initial query from query log). Parsing tcpdump is not going to be suitable for highly loaded system. I was more looking for a solution to log responses same way queries a

Re: Logging Response Results

2011-06-23 Thread Chuck Swiger
On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote: > Does anyone have idea on following... Apart from bind9 query log, is it > possible to log response returned to client? Sure: use tcpdump, wireshark, or another network sniffer of your choice and observe DNS responses to the clients you're inte

Re: Logging SERVFAIL Errors

2010-10-08 Thread Mark Andrews
In message <20101008163912.378754d...@britaine.cis.anl.gov>, Barry Finkel writes: > On Fri, 8 Oct 2010 09:09:16 -0500 (CDT) > b19...@anl.gov (Barry Finkel) wrote: > > >> On BIND 9.7.1-P2 I have in named.conf: > >> > >> channel query-errors-log { > >> file "/var/log/named.qu

Re: Logging SERVFAIL Errors

2010-10-08 Thread Barry Finkel
On Fri, 8 Oct 2010 09:09:16 -0500 (CDT) b19...@anl.gov (Barry Finkel) wrote: >> On BIND 9.7.1-P2 I have in named.conf: >> >> channel query-errors-log { >> file "/var/log/named.query-errors.log" versions 3 size >> 200k; print-category yes; >> print-severity yes; >

Re: Logging SERVFAIL Errors

2010-10-08 Thread Torsten
You have to set a debug level of at least 1 to capture SERVFAIL errors in your logfile. Ciao Torsten On Fri, 8 Oct 2010 09:09:16 -0500 (CDT) b19...@anl.gov (Barry Finkel) wrote: > On BIND 9.7.1-P2 I have in named.conf: > > channel query-errors-log { > file "/var/log/named

Re: logging forwarding reqs

2010-04-16 Thread Sam Wilson
In article , Gregory Hicks wrote: > > Date: Thu, 15 Apr 2010 14:25:35 -0400 > > Subject: Re: logging forwarding reqs > > From: Jonathan Reed > > To: bind-users@lists.isc.org > > > > But I am still unable to determine if those reqs are asking the > >

Re: logging forwarding reqs

2010-04-15 Thread Gregory Hicks
> Date: Thu, 15 Apr 2010 14:25:35 -0400 > Subject: Re: logging forwarding reqs > From: Jonathan Reed > To: bind-users@lists.isc.org > > But I am still unable to determine if those reqs are asking the > forwarders. > > The forwarders are all Windows boxes which I d

Re: logging forwarding reqs

2010-04-15 Thread Jonathan Reed
Indeed I have setup querylog, and I have these show in my logs: Apr 15 14:20:00 TOR-HYPER-01 named[10228]: client 172.18.4.214#47149: query: google.ca IN A + Apr 15 14:20:09 TOR-HYPER-01 named[10228]: client 172.18.4.214#51366: query: yahoo.ca IN A + Apr 15 14:23:32 TOR-HYPER-01 named[10228]: clien

Re: Logging problems on Bind9

2010-01-11 Thread Hauke Lampe
Autuori Gianluigi wrote: > I'm using Bind9 and Ubuntu 8.04 kernel 2.6.24. > Named runs as bind user and in my named.conf.local I wrote: Ubuntu uses AppArmor (http://en.wikipedia.org/wiki/AppArmor) You need to edit the profile for usr.sbin.named in /etc/apparmor.d/ if you want named to write file

Re: Logging problems on Bind9

2010-01-11 Thread Chris Buxton
You're seeing a message from SELinux. Turn it off, or set it to permissive mode, to allow this to work. Or you can try to add the necessary permission to the profile for named; this is not something I've ever done, so I can't give guidance. Chris Buxton On Jan 11, 2010, at 3:24 AM, Autuori Gia

Re: Logging problem

2009-08-09 Thread Doug Barton
Raven wrote: > Hi all. > I have just deployed a bind installation (freebsd port v9.4.3-P2) The port was updated to 9.4.3-P3 the same day it was released. That version contains an important bug fix that you want. Please update your ports tree and install the new version. > and I > seem to be unabl

Re: Logging problem

2009-08-09 Thread Mark Andrews
In message <1249836935.3123.24.ca...@osmosis.gnet.eu>, Raven writes: > Hi all. > I have just deployed a bind installation (freebsd port v9.4.3-P2) and I > seem to be unable to have it log the queries. > This is the section I put in named.conf: > > logging { > channel munin_log { > file "/va

Re: logging query results

2008-12-03 Thread Sam Wilson
In article <[EMAIL PROTECTED]>, Mark Andrews <[EMAIL PROTECTED]> wrote: > Disk i/o is just glacially slow when compared to network > i/o. To get disk logging up to network speeds you need to > throw away a lots of it. Which suggests that having filtering built into the logging

Re: logging query results

2008-12-02 Thread wes
On Tue, Dec 2, 2008 at 4:28 PM, Kevin Darcy <[EMAIL PROTECTED]> wrote: > Bill Larson wrote: > >> JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> said: >> >> >> >>> At Fri, 28 Nov 2008 10:08:34 -0800, >>> wes <[EMAIL PROTECTED]> wrote: >>> >>> >>> I would like to know if it's possible to log the outp

Re: logging query results

2008-12-02 Thread Mark Andrews
Disk i/o is just glacially slow when compared to network i/o. To get disk logging up to network speeds you need to throw away a lots of it. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET

Re: logging query results

2008-12-02 Thread Kevin Darcy
n Darcy <[EMAIL PROTECTED]> wrote: From: Kevin Darcy <[EMAIL PROTECTED]> Subject: Re: logging query results To: [EMAIL PROTECTED] Date: Wednesday, December 3, 2008, 1:28 PM Bill Larson wrote: JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> said: At F

Re: logging query results

2008-12-02 Thread ivan jr sy
's roadmap, querylog optimization. fyi on that.. --- On Wed, 12/3/08, Kevin Darcy <[EMAIL PROTECTED]> wrote: > From: Kevin Darcy <[EMAIL PROTECTED]> > Subject: Re: logging query results > To: [EMAIL PROTECTED] > Date: Wednesday, December 3, 2008, 1:28 PM > Bill Larson

Re: logging query results

2008-12-02 Thread Kevin Darcy
Bill Larson wrote: JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> said: At Fri, 28 Nov 2008 10:08:34 -0800, wes <[EMAIL PROTECTED]> wrote: I would like to know if it's possible to log the output of each dns query. Do you mean the response to each query by "outpu

Re: logging query results

2008-12-02 Thread Chris Buxton
On Tue, 2008-12-02 at 15:55 -0700, Bill Larson wrote: > Query logging is a great idea, but OARC has already produced a very > functional "dnscap" which will capture all DNS traffic, queries and > responses, incoming and outgoing. Maybe this type of logging functionality > could be better relega

Re: logging query results

2008-12-02 Thread JINMEI Tatuya / 神明達哉
At Tue, 2 Dec 2008 15:55:45 MST, "Bill Larson" <[EMAIL PROTECTED]> wrote: > Adding functionality for for the purpose of better operations is one thing. > Including the capability of performing zone transfers inside BIND was a great > addition rather than having a separate "named-xfer" tool. Th

Re: logging query results

2008-12-02 Thread Bill Larson
JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]> said: > At Fri, 28 Nov 2008 10:08:34 -0800, > wes <[EMAIL PROTECTED]> wrote: > > > I would like to know if it's possible to log the output of each dns query. > > Do you mean the response to each query by "output"? > > If so, there's

Re: logging query results

2008-12-02 Thread wes
On Tue, Dec 2, 2008 at 2:09 PM, JINMEI Tatuya / 神明達哉 <[EMAIL PROTECTED]>wrote: > At Fri, 28 Nov 2008 10:08:34 -0800, > wes <[EMAIL PROTECTED]> wrote: > > > I would like to know if it's possible to log the output of each dns > query. > > Do you mean the response to each query by "output"? > > If so
