How to Configure Bind-Chroot Logging on CentOS 6.2

In this post, I will show how to turn on BIND DNS server logging in order to log all DNS queries on a CentOS 6.2 Linux server. It is assumed that the bind9 chroot has already been properly configured.

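1. Create symbolic links in /var/log that point to the log files inside the chroot. named runs chrooted, so the /var/log paths used in named.conf resolve under /var/named/chroot: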

[root@ns1 ~]# ln -sf /var/named/chroot/var/log/dns.log /var/log/dns.log
[root@ns1 ~]# ln -sf /var/named/chroot/var/log/dns_queries.log /var/log/dns_queries.log

2. Open named.conf :

[root@ns1 ~]# vim /var/named/chroot/etc/named.conf

3. Add the following BIND logging configuration to named.conf:

..
..
logging {
        channel log_dns {
                file "/var/log/dns.log" versions 3 size 10m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel log_queries {
                file "/var/log/dns_queries.log" versions 3 size 20m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default {log_dns;};
        category queries {log_queries;};
        category lame-servers { null;};
        category edns-disabled { null; };
};
..
..

Full named.conf configuration :

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders { 8.8.8.8; };
};
include "/etc/rndc.key";


logging {
        channel log_dns {
                file "/var/log/dns.log" versions 3 size 10m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel log_queries {
                file "/var/log/dns_queries.log" versions 3 size 20m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default {log_dns;};
        category queries {log_queries;};
        category lame-servers { null;};
        category edns-disabled { null; };
};


// We are the master server for ehowstuff.local
zone "ehowstuff.local" {
        type master;
        file "/var/named/ehowstuff.local";
        allow-transfer {192.168.1.54;};
        allow-update {none;};
};

4. To display the last lines of dns_queries.log and follow new entries as they are written, run the following command:

[root@ns1 ~]# tail -f /var/log/dns_queries.log

Example logged DNS queries:

02-Jun-2012 23:45:09.958 queries: info: client 192.168.1.52#64527: query: www.facebook.com IN A + (192.168.1.44)
02-Jun-2012 23:45:10.023 queries: info: client 192.168.1.52#55959: query: www.lqconsulting.com IN A + (192.168.1.44)
02-Jun-2012 23:45:10.047 queries: info: client 192.168.1.52#60625: query: digg.com IN A + (192.168.1.44)
02-Jun-2012 23:45:10.098 queries: info: client 192.168.1.52#51729: query: reddit.com IN A + (192.168.1.44)
02-Jun-2012 23:45:10.137 queries: info: client 192.168.1.52#58908: query: www.adroll.com IN A + (192.168.1.44)
02-Jun-2012 23:45:10.966 queries: info: client 192.168.1.52#49432: query: mail.google.com IN A + (192.168.1.44)
02-Jun-2012 23:45:11.077 queries: info: client 192.168.1.52#58493: query: alerts.conduit-services.com IN A + (192.168.1.44)
02-Jun-2012 23:45:13.781 queries: info: client 192.168.1.52#55403: query: plus.google.com IN A + (192.168.1.44)
02-Jun-2012 23:46:20.203 queries: info: client 192.168.1.52#54825: query: realtime.services.disqus.com IN A + (192.168.1.44)
02-Jun-2012 23:46:30.113 queries: info: client 192.168.1.52#52337: query: qq.disqus.com IN A + (192.168.1.44)