
bind 9 logging


cyber_cynic

Mar 27, 2003, 11:19:46 AM
The bind 9 manual is great on detail but low on concept/overview so I find
myself at a bit of a loss.

On freebsd 4.7 stable bind already logs to /var/log/message. The name server
options statement can contain logging settings. The manual dives straight
into the logging settings but does not really give an overview of how it
works or where it logs to etc.

I am looking for a general overview of how/when to use the logging settings.
Any reference (not the manual) or explanation would be appreciated.

TIA


Bill Larson

Mar 27, 2003, 12:46:58 PM
cyber_cynic wrote:

> The bind 9 manual is great on detail but low on concept/overview so I find
> myself at a bit of a loss.

Anyone that is serious about understanding DNS and BIND operation must have a
copy of "DNS and BIND" by Paul Albitz & Cricket Liu, published by O'Reilly and
Assc. (http://www.oreilly.com), preferably the latest edition (currently the
4th). If you use the Microsoft DNS server, there is an equivalent "DNS On
Windows NT" also from O'Reilly.

I would define "serious" as anyone that wants to ask about BIND logging,
running a well managed system, etc. This covers just about anyone that runs a
name server and reads this list.

If you follow this list for any period of time, you will find frequent posts
from Cricket Liu helping people out. He will frequently refer you to his
books, but then also explain things such that you don't have to have a book
either. But having either book is a strongly recommended resource. (Besides,
if Cricket doesn't collect royalties from his writing, he won't be posting to
this list!)

Then again, I find the BIND ARM quite helpful too, but this may be because I
know the concepts and use the ARM to find the implementation. I will agree, it
isn't a beginners document.

> On freebsd 4.7 stable bind already logs to /var/log/message. The name server
> options statement can contain logging settings. The manual dives straight
> into the logging settings but does not really give an overview of how it
> works or where it logs to etc.
>
> I am looking for a general overview of how/when to use the logging settings.
> Any reference (not the manual) or explanation would be appreciated.

In "DNS & BIND" 4th edition, the BIND logging capabilities are covered in
chapter 7, with excellent examples and descriptions. The BIND ARM covers this
in section 6.2.10, also with examples.

BIND logs information through a combination of "channels", "severity", and
"categories". Channels are where the information is logged, a file, through
syslog, output to stderr, or a "null" channel to avoid logging. The severity
is the level of concern: "critical", "error", "warning", "notice", "info" (the
default), "debug", and "dynamic". A logging category is the type of
information to be logged: "default", "general", "database", "security",
"config", "resolver", "xfer-in", "xfer-out", "notify", "client", "unmatched",
"network", "update", "queries", "dispatch", "dnssec", and "lame-servers". The
purpose of each of these categories is described in the ARM.

BIND logging configuration is controlled by the "logging" directive. The
complete format of this directive can be found in the BIND ARM, section 6.2.9.
Simply, this looks like:

    logging {
        channel channel_name {
            [ file "path_name" | syslog daemon ] ;
            severity severity_level;
        };
        category category_level { channel_name; };
    };

where multiple channels and categories can be defined. The 'file "path_name"'
or 'syslog daemon' controls if the information is going to a specified file or
out through syslog. There are also options available for managing the size of
the resulting log files and the formatting of the results.

Basically, I would suggest that if you are interested in changing your logging
configuration, you simply try playing around using your default configuration
as a starting point. It appears that your FreeBSD system is configured to send
things to syslog. Add a new file channel and try logging the same information
to this new channel. Just add something like 'channel file_log { file
"/var/log/bind.log"; };' and 'category "default" { file_log; };' to your logging
directive in named.conf. Then, once things are working, play around with the
different categories and channel configuration. I think that you will end up
getting the idea. Keep a copy of your original named.conf file to ensure that
you can get things back to where you started from.

One word of warning, from experience, watch for the semicolons which separate
the configuration statements. It is very easy to miss them and end up with a
copy of "named" that fails to start up. You should be able to see these errors
in your syslog file when you start up "named". Also, some of the possible
logging options can generate a tremendous amount of information, or decrease
the response time of your server. You will not want to log these situations
all of the time. These combinations you would only run in the event of a
problem.

Bill Larson
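
The channel/severity/category model described in the reply above, written out as a fuller named.conf logging statement. This is an added example, not part of the original post; the channel names and the /var/log/named/ paths are assumptions, and the directory must exist and be writable by the user named runs as.

```conf
// Added example: channel names and file paths are assumptions.
logging {
    // Channel 1: keep general messages going to syslog, as the poster's
    // system already does.
    channel to_syslog {
        syslog daemon;
        severity info;
    };

    // Channel 2: a dedicated file for security-relevant events.
    // "versions" and "size" bound disk use; the print-* options stamp each
    // line so it can be correlated with other logs.
    channel security_file {
        file "/var/log/named/security.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    // Channel 3: query log, defined but not used in normal operation.
    channel query_file {
        file "/var/log/named/queries.log" versions 3 size 20m;
        severity info;
        print-time yes;
    };

    // Categories route message types to one or more channels.
    category default      { to_syslog; };
    category security     { security_file; to_syslog; };  // denied requests
    category xfer-out     { security_file; };             // outbound zone transfers
    category update       { security_file; };             // dynamic updates
    category lame-servers { null; };                      // discard the noise

    // High volume: leave on null and point at query_file only while
    // investigating a problem.
    category queries      { null; };
};
```

Running named-checkconf against the edited named.conf before restarting named reports a missing semicolon or brace without taking the server down.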

