Configuring Bind9 logs

By default, Bind9 logs are written to the system log / var / log / syslog and to separate them, I will perform the actions that I will point out below.

On the test, I will configure Bind9 in Ubuntu Server 16.04.
Open the main Bind9 configuration file, for example, in the nano editor (Ctrl+X for exit, y/x for saving or canceling changes):

sudo nano /etc/bind/named.conf

Add to its end:

logging {
    channel bind.log {
        file "/var/lib/bind/bind.log" versions 10 size 20m;
        severity notice;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
 
        category queries { bind.log; };
        category default { bind.log; };
        category config { bind.log; };
};

severity indicates the level of logging, it can be: critical, error, warning, notice, info, debug, dynamic.

The second example, or you can configure the saving of logs in different files:

logging {
          channel "misc" {
                    file "/var/log/named/misc.log" versions 4 size 4m;
                    print-time YES;
                    print-severity YES;
                    print-category YES;
          };
 
          channel "query" {
                    file "/var/log/named/query.log" versions 4 size 4m;
                    print-time YES;
                    print-severity NO;
                    print-category NO;
          };
 
          category default {
                    "misc";
          };
 
          category queries {
                    "query";
          };
};

I will give you another example:

logging {
          channel "misc" {
                    file "/var/log/named/misc.log" versions 10 size 10m;
                    print-time YES;
                    print-severity YES;
                    print-category YES;
          };
 
          channel "query" {
                    file "/var/log/named/query.log" versions 10 size 10m;
                    print-time YES;
                    print-severity NO;
                    print-category NO;
          };
 
          channel "lame" {
                    file "/var/log/named/lamers.log" versions 1 size 5m;
                    print-time yes;
                    print-severity yes;
                    severity info;
          };
 
          category "default" { "misc"; };
          category "queries" { "query"; };
          category "lame-servers" { "lame"; };
 
};

Do not forget to create a directory and assign rights:

sudo mkdir /var/log/named/
sudo chown bind:bind /var/log/named/

Restart Bind9 to apply the changes:

sudo /etc/init.d/bind9 restart

Or apply without restarting:

sudo rndc reconfig

You can make a reference to /var/log/ to make it easier for others to find them:

sudo ln -s /var/lib/bind/ /var/log/

To see logs in real time, you can use the command (Ctrl+C to stop the preview):

sudo tail -f /var/lib/bind/bind.log

If logging is done in a non-standard directory, then you need to allow this in the apparmor:

sudo nano /etc/apparmor.d/usr.sbin.named

See also my articles:
Logrotate Bind9
Installing and Configuring DNS Server BIND9

Leave a comment

Leave a Reply

Discover more from IT Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading