Where might I find a complete listing of the fields and their meanings for
BIND9 query logs? I am particularly interested in the fields near the end of
each record, like
02-Mar-2005 10:50:08.899 queries: info: client 195.41.46.58#53: Query: mndhcp01.monument1.jhmi.edu IN A -E
02-Mar-2005 10:50:08.900 queries: info: client 195.41.46.58#53: Query: mndhcp01.monument1.jhmi.edu IN A6 -E
These are from my external DNS server(s), and I am curious what the -E
represents. I also have quite a few ending in - and a few ending in +. What
is being said here?
Alan
Alan V. Shackelford Sr. Systems Software Engineer
The Johns Hopkins University / Johns Hopkins Medical Institutions
Baltimore, Maryland USA asha...@jhmi.edu 443-997-6773
Quoting Jim Reid's mail from Feb 22nd, explaining the query log format:
> The entries should be clear enough: the date and time the query was
> received; the source IP address and port number used by the client;
> and the name, class and qtype. The final field shows if the query had
> the rd (recursion desired) bit set (+) or not (-) -- typically showing
> if the query came from a name server or stub resolver -- or if EDNS0
> (E) was used.
EDNS0 is explained in RFC2671:
http://www.faqs.org/rfcs/rfc2671.html
--
Martin Lie
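
The field layout described in the quoted explanation, as an added example that is not part of the original thread and is not BIND's own code: a parser for query-log lines in the form shown in the question, which decodes the trailing field into the rd bit (+ or -) and EDNS0 (E) and tallies them per client. The function names are hypothetical, the last three sample lines are constructed, and any flag letter other than E is kept uninterpreted.

```python
import re
from collections import Counter
from datetime import datetime

# Layout as shown in the post:
# date time queries: info: client ip#port: Query: name class type flags
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"queries: info: client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"[Qq]uery: (?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)$"
)

def parse_query_line(line):
    """Return a dict for one query-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    flags = m.group("flags")
    return {
        "time": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S.%f"),
        "client": m.group("ip"),
        "port": int(m.group("port")),
        "name": m.group("name"),
        "qclass": m.group("qclass"),
        "qtype": m.group("qtype"),
        "rd": flags[0] == "+",                      # recursion desired bit
        "edns0": "E" in flags[1:],                  # EDNS0 was used
        "other_flags": flags[1:].replace("E", ""),  # not interpreted here
    }

def summarize(lines):
    """Count queries per (client, rd, edns0); also count unparsed lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_query_line(line)
        if rec is None:
            skipped += 1
        else:
            counts[(rec["client"], rec["rd"], rec["edns0"])] += 1
    return counts, skipped

SAMPLE = [  # first two lines are from the post; the rest are constructed
    "02-Mar-2005 10:50:08.899 queries: info: client 195.41.46.58#53: Query: mndhcp01.monument1.jhmi.edu IN A -E",
    "02-Mar-2005 10:50:08.900 queries: info: client 195.41.46.58#53: Query: mndhcp01.monument1.jhmi.edu IN A6 -E",
    "02-Mar-2005 10:50:09.120 queries: info: client 192.0.2.10#1046: Query: www.example.com IN A +",
    "02-Mar-2005 10:50:09.455 queries: info: client 192.0.2.77#53: Query: example.com IN MX -",
    "02-Mar-2005 10:50:10.001 general: info: zone example.com/IN: loaded serial 1",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE)[0].items()):
        print(key, n)
```
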