Configuring Bind9 logs

By default, Bind9 logs are written to the system log /var/log/syslog. To separate them into their own files, I will perform the steps described below.

For this test, I will configure Bind9 on Ubuntu Server 16.04.
Open the main Bind9 configuration file, for example in the nano editor (Ctrl+X to exit, y/n to save or discard changes):

sudo nano /etc/bind/named.conf

Add the following to the end of the file:

logging {
    channel bind.log {
        file "/var/lib/bind/bind.log" versions 10 size 20m;
        severity notice;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category queries { bind.log; };
    category default { bind.log; };
    category config { bind.log; };
};

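severity sets the minimum level of messages the channel records; it can be critical, error, warning, notice, info, debug or dynamic. Query log entries are written at the info level, so a channel limited to notice, as in the example above, will not record them.

A second example: you can save the logs to different files: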

logging {
          channel "misc" {
                    file "/var/log/named/misc.log" versions 4 size 4m;
                    print-time YES;
                    print-severity YES;
                    print-category YES;
          };
  
          channel "query" {
                    file "/var/log/named/query.log" versions 4 size 4m;
                    print-time YES;
                    print-severity NO;
                    print-category NO;
          };
  
          category default {
                    "misc";
          };
  
          category queries {
                    "query";
          };
};

I will give you another example:

logging {
          channel "misc" {
                    file "/var/log/named/misc.log" versions 10 size 10m;
                    print-time YES;
                    print-severity YES;
                    print-category YES;
          };
  
          channel "query" {
                    file "/var/log/named/query.log" versions 10 size 10m;
                    print-time YES;
                    print-severity NO;
                    print-category NO;
          };
  
          channel "lame" {
                    file "/var/log/named/lamers.log" versions 1 size 5m;
                    print-time yes;
                    print-severity yes;
                    severity info;
          };
  
          category "default" { "misc"; };
          category "queries" { "query"; };
          category "lame-servers" { "lame"; };
  
};

Do not forget to create the directory and make the bind user its owner:

sudo mkdir /var/log/named/
sudo chown bind:bind /var/log/named/

Restart Bind9 to apply the changes:

sudo /etc/init.d/bind9 restart

Or apply without restarting:

sudo rndc reconfig

You can create a symbolic link in /var/log/ to make the logs easier for others to find:

sudo ln -s /var/lib/bind/ /var/log/

To watch the logs in real time, you can use this command (Ctrl+C to stop):

sudo tail -f /var/lib/bind/bind.log
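
The print-time, print-category and print-severity options in the channels above decide which prefix fields each log line carries. The following Python parser for the resulting query log lines is an added example, not part of the original article; the sample lines are constructed and the line layout is an assumption based on common BIND 9 output, so check it against your own log.

```python
import re
from collections import Counter

# Prefix fields a file channel writes, in this order (assumed BIND 9 layout).
TIME = r"(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
CATEGORY = r"(?P<category>[a-z][a-z-]*): "
SEVERITY = r"(?P<severity>critical|error|warning|notice|info|debug \d+): "

def channel_pattern(print_category, print_severity):
    """Regex for lines from a channel with print-time yes and the given options."""
    return re.compile("^" + TIME + (CATEGORY if print_category else "")
                      + (SEVERITY if print_severity else "") + r"(?P<message>.*)$")

# Query message body; the "@0x..." client object id is optional because
# newer BIND releases print it and older ones do not (assumed layouts).
QUERY = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)")

def parse_queries(lines, print_category=False, print_severity=False):
    """Yield one dict per query line; lines that do not fit are skipped."""
    prefix = channel_pattern(print_category, print_severity)
    for line in lines:
        head = prefix.match(line.rstrip("\n"))
        body = QUERY.match(head["message"]) if head else None
        if body:
            yield {**head.groupdict(), **body.groupdict()}

def queries_per_client(lines, **channel_options):
    """Count query lines per client address."""
    return Counter(q["client"] for q in parse_queries(lines, **channel_options))

# Constructed sample lines (not captured from a real server).
QUERY_LOG = [  # channel "query": print-severity NO, print-category NO
    "27-Mar-2018 10:15:32.123 client 192.0.2.10#53412 (example.com): query: example.com IN A +E (192.0.2.1)",
    "27-Mar-2018 10:15:32.640 client 192.0.2.10#53413 (www.example.com): query: www.example.com IN AAAA + (192.0.2.1)",
    "27-Mar-2018 10:15:33.002 client 2001:db8::25#40100 (example.org): query: example.org IN MX +E (2001:db8::1)",
]
BIND_LOG = [  # channel "misc" layout: category and severity printed
    "27-Mar-2018 10:15:32.123 queries: info: client 192.0.2.10#53412 (example.com): query: example.com IN A +E (192.0.2.1)",
    "27-Mar-2018 10:16:01.500 general: notice: received control channel command 'reconfig'",
]

if __name__ == "__main__":
    print(queries_per_client(QUERY_LOG))
    for q in parse_queries(BIND_LOG, print_category=True, print_severity=True):
        print(q["time"], q["severity"], q["client"], q["qname"], q["qtype"])
```

Passing options that do not match the channel definition yields no records, which is a quick way to notice that a log shipper or parser is out of step with named.conf.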

If the logs are written to a non-standard directory, you need to allow named to write there in its AppArmor profile:

sudo nano /etc/apparmor.d/usr.sbin.named
