By default, Bind9 writes its logs to the system log /var/log/syslog. To separate them into their own files, I will perform the steps below.
For this test, I will configure Bind9 on Ubuntu Server 16.04.
Open the main Bind9 configuration file, for example, in the nano editor (Ctrl+X to exit, y/n to save or discard changes):
    sudo nano /etc/bind/named.conf
Add to its end:
    logging {
        channel bind.log {
            file "/var/lib/bind/bind.log" versions 10 size 20m;
            // Query messages are logged at severity info, so they only
            // reach this channel if severity is set to info or lower.
            severity notice;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category queries { bind.log; };
        category default { bind.log; };
        category config { bind.log; };
    };
severity sets the minimum level of the messages written to the channel. It can be: critical, error, warning, notice, info, debug, dynamic.
As a second example, you can configure logs to be saved in different files:
    logging {
        channel "misc" {
            file "/var/log/named/misc.log" versions 4 size 4m;
            print-time YES;
            print-severity YES;
            print-category YES;
        };
        channel "query" {
            file "/var/log/named/query.log" versions 4 size 4m;
            print-time YES;
            print-severity NO;
            print-category NO;
        };
        category default {
            "misc";
        };
        category queries {
            "query";
        };
    };
I will give you another example:
    logging {
        channel "misc" {
            file "/var/log/named/misc.log" versions 10 size 10m;
            print-time YES;
            print-severity YES;
            print-category YES;
        };
        channel "query" {
            file "/var/log/named/query.log" versions 10 size 10m;
            print-time YES;
            print-severity NO;
            print-category NO;
        };
        channel "lame" {
            file "/var/log/named/lamers.log" versions 1 size 5m;
            print-time yes;
            print-severity yes;
            severity info;
        };
        category "default" { "misc"; };
        category "queries" { "query"; };
        category "lame-servers" { "lame"; };
    };
Do not forget to create the directory and give the bind user ownership of it:
    sudo mkdir /var/log/named/
    sudo chown bind:bind /var/log/named/
Restart Bind9 to apply the changes:
    sudo /etc/init.d/bind9 restart
Or apply without restarting:
    sudo rndc reconfig
You can create a symbolic link in /var/log/ to make the logs easier for others to find:
    sudo ln -s /var/lib/bind/ /var/log/
To watch the logs in real time, you can use the command (Ctrl+C to stop):
    sudo tail -f /var/lib/bind/bind.log
If the logs are written to a non-standard directory, you need to allow this in the AppArmor profile:
    sudo nano /etc/apparmor.d/usr.sbin.named
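The directory, ownership and AppArmor steps above can be checked in one pass before restarting Bind9. The script below is an added example, not part of the original article. Its function names are hypothetical, and it assumes the AppArmor profile grants access with a rule of the form `<dir>/** rw,`.

```sh
#!/bin/sh
# Added example: pre-flight check for the directories used by a BIND logging block.

# Print every path from a `file "..."` clause inside `logging { ... }` only,
# so zone files declared elsewhere in named.conf are ignored.
log_paths() {
    awk '
        /^[ \t]*logging[ \t]*[{]/ { inlog = 1; depth = 0 }
        inlog {
            line = $0
            while (match(line, /file[ \t]+"[^"]+"/)) {
                s = substr(line, RSTART, RLENGTH)
                sub(/^file[ \t]+"/, "", s); sub(/"$/, "", s)
                print s
                line = substr(line, RSTART + RLENGTH)
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) inlog = 0
        }' "$1"
}

# Unique parent directories of those paths.
log_dirs() {
    log_paths "$1" | while IFS= read -r p; do dirname "$p"; done | sort -u
}

# check_log_dir DIR OWNER PROFILE: returns 0 if DIR exists, is owned by OWNER
# and PROFILE has an uncommented "DIR/** rw" rule (assumed rule form).
check_log_dir() {
    rc=0
    [ -d "$1" ] || { echo "MISSING  $1"; return 1; }
    actual=$(stat -c %U "$1")
    [ "$actual" = "$2" ] || { echo "OWNER    $1 is $actual, expected $2"; rc=1; }
    grep -v '^[[:space:]]*#' "$3" | grep -Fq "$1/** rw" ||
        { echo "APPARMOR no rw rule for $1/ in $3"; rc=1; }
    return $rc
}

# preflight CONF OWNER PROFILE: check every log directory; non-zero on any failure.
# Directory names containing spaces are not handled.
preflight() {
    status=0
    for d in $(log_dirs "$1"); do
        check_log_dir "$d" "$2" "$3" || status=1
    done
    return $status
}

# Typical call: sudo sh preflight.sh /etc/bind/named.conf bind /etc/apparmor.d/usr.sbin.named
[ "$#" -eq 0 ] || preflight "$@"
```

A non-zero exit status means at least one directory is missing, has the wrong owner, or is not covered by the profile; each problem is printed on its own line.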
See also my articles:
Logrotate Bind9
Installing and Configuring DNS Server BIND9