Wednesday, September 28, 2011

Configuring Logging of Bind DNS in Ubuntu

After installing the BIND9 DNS server in Ubuntu, you might find the need to play with the logging settings. Logging is essential when you're trying to figure out why the hell your DNS setup is not working as expected. Without any explicit logging configuration (from you or your colleagues) BIND sends messages of the category "default" through syslog, which on Ubuntu means they end up in "/var/log/syslog" mixed in with everything else. In order to customize the configuration to your own needs try the following steps.

Step 1: Create a new file to write your logs to
The location of this file is up to you, but due to AppArmor restrictions in Ubuntu the easiest strategy is to place it in "/var/log/named", which the profile shipped with the package already allows named to write to. If you need to place it somewhere else you will need to add the path to "/etc/apparmor.d/usr.sbin.named" and reload the profile (sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.named); a blocked write shows up as an AppArmor "DENIED" line in syslog. The files also have to be writable by the user named runs as, which on Ubuntu is "bind", otherwise named will not come back up after the restart in step 3. Keep the directory private to that user, since query logs record who asked for what:
sudo mkdir -p /var/log/named
sudo touch /var/log/named/debug.log /var/log/named/query.log
sudo chown -R bind:bind /var/log/named
sudo chmod 750 /var/log/named

Step 2: Define the configuration
You can place your logging configuration in either "/etc/bind/named.conf" or "/etc/bind/named.conf.local". If there is a best practice on where to place it I couldn't find it - do let me know if you have any insights! One consideration: on Debian and Ubuntu "/etc/bind/named.conf" is maintained by the package and does little more than include named.conf.options, named.conf.local and named.conf.default-zones, so putting your additions in named.conf.local keeps them clear of package upgrades. Whichever file you choose, the content to add would be something like the following:

logging {

    // A channel is a destination plus a severity threshold; messages less
    // severe than the threshold are dropped. The print-* options prefix each
    // line with the time, the category and the severity.
    channel debug_log {
        file "/var/log/named/debug.log";
        severity debug 3;   // debug output only appears while named is in debugging mode
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    channel query_log {
        file "/var/log/named/query.log";
        severity dynamic;   // follow the server's global debug level (-d N or rndc trace)
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Several categories may share one channel. Categories not listed here
    // keep going to the built-in default channels, i.e. syslog.
    category resolver { debug_log; };
    category security { debug_log; };
    category queries { query_log; };

};

The severity option is the logging level of a channel: messages less severe than it are dropped. The possible levels, from most to least severe, are critical, error, warning, notice, info, debug [ level ] and dynamic. In the example above you can see I'm using both debug and dynamic. debug takes a numeric level and higher levels are more verbose; levels 1 to 3 cover most troubleshooting, but the scale is not limited to 3. Two things worth knowing: a channel with a fixed debug level logs info and above all the time but only emits debug messages while named is in debugging mode (started with -d N, or after rndc trace N at runtime; rndc notrace switches it off again), and a dynamic channel simply follows that global debug level.

Logs in BIND are divided into categories, which say which part of the server a message came from. In our example we are routing three of them: resolver (the recursive lookups named performs on behalf of clients), security (approval and denial of requests, so you can see what your allow-query and allow-recursion rules actually did) and queries (one line per client query). Query logging can also be toggled at runtime with rndc querylog. For a complete list of the categories available see the BIND reference in the credits below.

Logs are output to channels. In our example we have two channels, each corresponding to a file. Note from the example how it is possible to send the logs of multiple categories to one channel. Two practical caveats: a busy server fills query.log quickly, so either rotate it with logrotate or let BIND rotate it itself by adding versions and size to the file option (file "/var/log/named/query.log" versions 3 size 20m;), and since query.log records which client asked for what, keep it owned by the bind user without a world-read bit and treat it like any other record of user activity.

Step 3: Restart Bind
Check the configuration for syntax errors first, then restart Bind for your changes to take effect. If named does not come back, /var/log/syslog will say why: usually a typo in the logging statement or a log file named is not allowed to write to.
sudo named-checkconf
sudo /etc/init.d/bind9 restart
To confirm the new channels work, send a query to the server and watch the file fill up: sudo tail -f /var/log/named/query.log in one terminal and dig @127.0.0.1 www.example.com in another.
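
Once query.log is being written, the same lines serve detection as well as troubleshooting. The script below is an added example for this post, not code from the original article or from BIND. It parses query-log lines in the format the query_log channel above produces (time, category and severity prefixes, then client, query name, class, type and flags), tolerates the later BIND format that also prints a client pointer and repeats the name, skips truncated lines instead of crashing, and then asks two security questions of the data: which clients lie outside the network the server is supposed to serve (an open-resolver check), and which names have the over-long or over-many labels typical of DNS tunnelling. The sample lines, the 192.0.2.0/24 trusted network and the label thresholds are constructed assumptions; substitute your own.

```python
"""Mine BIND query.log for security signals.

Added example for this post, not code from the original article or from
BIND.  The sample lines, the trusted network and the thresholds are
constructed assumptions; swap in your own.
"""
import ipaddress
import re
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple

# One query line as written by a channel with print-time, print-category
# and print-severity enabled.  The optional "@0x..." pointer and the
# "(qname)" after the port appear in later BIND releases only.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?:queries: )?(?:\w+: )?"                      # category and severity
    r"client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>\S+) \((?P<server>[^)]+)\)$"
)

# Constructed sample, not real traffic.
SAMPLE_LINES = [
    "28-Sep-2011 17:20:07.114 queries: info: client 192.0.2.10#51234: "
    "query: www.example.com IN A + (192.0.2.1)",
    "28-Sep-2011 17:20:07.302 queries: info: client 192.0.2.10#51235: "
    "query: mail.example.com IN MX +E (192.0.2.1)",
    # a client from outside the network this server is meant to serve
    "28-Sep-2011 17:20:08.001 queries: info: client 198.51.100.7#40000: "
    "query: www.example.com IN A + (192.0.2.1)",
    # tunnelling-shaped names: one very long label, then very many labels
    "28-Sep-2011 17:20:08.550 queries: info: client 192.0.2.44#53001: query: "
    "6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f"
    ".data.tunnel.example.net IN TXT + (192.0.2.1)",
    "28-Sep-2011 17:20:09.120 queries: info: client 192.0.2.44#53002: query: "
    "1a2b3c4d.5e6f7a8b.9c0d1e2f.3a4b5c6d.7e8f9a0b.1c2d3e4f"
    ".data.tunnel.example.net IN TXT + (192.0.2.1)",
    # later BIND releases add a client pointer and repeat the name
    "28-Sep-2011 17:20:09.900 queries: info: client @0x7f3c2c0a8e60 "
    "192.0.2.12#49152 (ntp.example.com): query: ntp.example.com IN AAAA "
    "+E(0)K (192.0.2.1)",
    # truncated mid-write (e.g. at rotation): must be skipped, not fatal
    "28-Sep-2011 17:20:10.000 queries: info: client 192.0.2.1",
]


@dataclass(frozen=True)
class Query:
    ts: str
    client: str
    port: int
    qname: str
    qclass: str
    qtype: str
    flags: str


def parse_query_log(lines: Iterable[str]) -> Tuple[List[Query], int]:
    """Parse query lines; return (queries, count of lines that did not match)."""
    queries: List[Query] = []
    skipped = 0
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m is None:
            skipped += 1  # truncated line, or not a query line at all
            continue
        queries.append(Query(m["ts"], m["ip"], int(m["port"]),
                             m["qname"].lower().rstrip("."),
                             m["qclass"], m["qtype"], m["flags"]))
    return queries, skipped


def foreign_clients(queries: Sequence[Query], allowed_nets: Sequence[str]) -> List[str]:
    """Clients outside the networks this server should answer.  On a recursive
    server any hit means an open resolver (or spoofed source addresses)."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return sorted({q.client for q in queries
                   if not any(ipaddress.ip_address(q.client) in n for n in nets)})


def tunnel_candidates(queries: Sequence[Query], max_label_len: int = 40,
                      max_labels: int = 8) -> List[Query]:
    """Names with a very long label or very many labels.  Tunnelling and
    exfiltration tools encode payload into the query name, so both stand out
    against ordinary hostnames; tune the thresholds to your own zones."""
    hits = []
    for q in queries:
        labels = q.qname.split(".")
        if len(labels) > max_labels or max(len(l) for l in labels) > max_label_len:
            hits.append(q)
    return hits


def queries_per_client(queries: Sequence[Query]) -> Counter:
    return Counter(q.client for q in queries)


def analyse(lines: Iterable[str], allowed_nets: Sequence[str]) -> Dict[str, object]:
    queries, skipped = parse_query_log(lines)
    return {
        "parsed": len(queries),
        "skipped": skipped,
        "foreign_clients": foreign_clients(queries, allowed_nets),
        "tunnel_candidates": [q.qname for q in tunnel_candidates(queries)],
        "top_clients": queries_per_client(queries).most_common(3),
    }


if __name__ == "__main__":
    # python3 query_log_check.py /var/log/named/query.log   (no argument: sample data)
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LINES
    for key, value in analyse(source, ["192.0.2.0/24"]).items():
        print(f"{key}: {value}")
```

Run it with the path to query.log as the first argument, or with no argument to see the constructed sample flagged. The regex is deliberately anchored on the fixed pieces of the line (client, query:, the trailing server address) so that a change in the flag letters between BIND releases does not break it, and anything that does not match is counted rather than guessed at, so the skipped count doubles as a sanity check that you are feeding it the file you think you are.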

Credits:


https://help.ubuntu.com/community/BIND9ServerHowto
http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html#id2552867

4 comments:

  1. Also you need to run these to get bind9 to restart after the change:

    chown bind /var/log/named/debug.log
    chown bind /var/log/named/query.log

    1. Thx, the chown was missing indeed. Now it works like a charm although I'm still struggling with my DNS but that's a different topic.

  2. /etc/logrotate.d# cat bind9
    /var/log/named/*.log {
        daily
        size 1M
        rotate 2
        missingok
        notifempty
        compress
        create 0644 bind bind
        postrotate
            /etc/init.d/bind9 reload > /dev/null
        endscript
    }

  3. Better if you simply chown on the directory itself, rather than each individual file. (Also makes it easier to set sticky bit, group permissions, etc)
