Wednesday, October 2, 2013

Enabled Query Logging BIND/NAMED/DNS

1) Add a new logging channel to /etc/named.conf, inside the logging { } statement, before its closing '};'
channel querylog {
    file "/var/log/querylog";
    severity debug 10;
    print-category yes;
    print-time yes;
    print-severity yes;
};
category queries { querylog; };
2) Create the log file
touch /var/log/querylog
chown named:named /var/log/querylog
3) Reload named.conf
service named reload
4) Enable the logging channel
rndc querylog on
5) View the log
tail -f /var/log/querylog
To save disk space, disable query logging once you've finished inspecting the log:
rndc querylog off
echo > /var/log/querylog
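
For the log inspection in step 5, the following added example (not part of the original post) parses query-log lines and counts queries per client and per record type. The sample lines are constructed, and the field layout is an assumption based on the three print-* options above; newer BIND 9 releases add an "@0x..." pointer and a "(qname)" field after "client", which the pattern also accepts.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real server), in the layout written when
# print-time, print-category and print-severity are all enabled.
SAMPLE_LOG = """\
02-Oct-2013 10:15:01.123 queries: info: client 192.0.2.10#53211: query: www.example.com IN A + (192.0.2.1)
02-Oct-2013 10:15:01.870 queries: info: client 192.0.2.10#40112: query: www.example.com IN AAAA + (192.0.2.1)
02-Oct-2013 10:15:02.004 queries: info: client 2001:db8::25#5353 (mail.example.com): query: mail.example.com IN MX +E (2001:db8::1)
02-Oct-2013 10:15:03.412 queries: info: client @0x7f3c2c0a1b20 192.0.2.77#61000 (example.com): view internal: query: example.com IN ANY -T (192.0.2.1)
02-Oct-2013 10:15:04.000 general: info: reloading configuration succeeded
"""

# Assumed line layout; the optional groups cover fields that only some versions emit.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "  # print-time
    r"queries: (?P<severity>[\w ]+): "               # print-category, print-severity
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[^#\s]+)#(?P<port>\d+)"  # source address#port
    r"(?: \([^)]*\))?: "                              # "(qname)" in newer releases
    r"(?:view (?P<view>[^:]+): )?"                    # present only when views are used
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def parse_line(line):
    """Return a dict of fields for a query line, or None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["qname"] = rec["qname"].lower().rstrip(".") or "."  # names are case-insensitive
    return rec

def summarize(lines):
    """Count queries per client and per record type, plus lines that did not parse."""
    per_client, per_qtype, skipped = Counter(), Counter(), 0
    for line in filter(str.strip, lines):  # ignore blank lines
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            per_client[rec["client"]] += 1
            per_qtype[rec["qtype"]] += 1
    return per_client, per_qtype, skipped

if __name__ == "__main__":
    clients, qtypes, skipped = summarize(SAMPLE_LOG.splitlines())
    print("top clients:", clients.most_common(3))
    print("record types:", qtypes.most_common(), "unparsed lines:", skipped)
```

To run it against the real file, pass `open("/var/log/querylog")` to `summarize()` instead of the sample lines.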