I am still having this issue. Here is my current configuration:
logging {
channel log {
file "/var/log/named/named.log"
versions 10
size 100m;
severity debug 9999;
print-time yes;
print-severity yes;
print-category yes;
};
category default {
log;
};
category queries {
log;
};
};
looks like I haven't changed anything since posting last. I can't imagine
what I could though.
And here is a sample transaction from today:
01-Dec-2008 11:01:14.952 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.952 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.952 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN A +
01-Dec-2008 11:01:14.952 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.952 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/A/IN' approved
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.952 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.952 client: debug 3: client 127.0.0.1#33193: endrequest
01-Dec-2008 11:01:14.953 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.953 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.953 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN AAAA +
01-Dec-2008 11:01:14.953 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.953 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/AAAA/IN' approved
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.953 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.953 client: debug 3: client 127.0.0.1#33193: endrequest
01-Dec-2008 11:01:14.954 general: debug 60: socket 0xb7f2f148
127.0.0.1#33193: packet received correctly
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: UDP
request
01-Dec-2008 11:01:14.954 client: debug 5: client 127.0.0.1#33193: using view
'_default'
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193: request
is not signed
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193:
recursion available
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: query
01-Dec-2008 11:01:14.954 queries: info: client 127.0.0.1#33193: query:
www.solestruck.com IN MX +
01-Dec-2008 11:01:14.954 client: debug 10: client 127.0.0.1#33193:
ns_client_attach: ref = 1
01-Dec-2008 11:01:14.954 security: debug 3: client 127.0.0.1#33193: query '
www.solestruck.com/MX/IN' approved
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: send
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: sendto
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: senddone
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: next
01-Dec-2008 11:01:14.954 client: debug 10: client 127.0.0.1#33193:
ns_client_detach: ref = 0
01-Dec-2008 11:01:14.954 client: debug 3: client 127.0.0.1#33193: endrequest
The result I'm looking for is "10.1.1.44" and this string does not appear in
any of the logs at all.
Anyone have any other ideas?
thanks,
-wes
On Fri, Nov 28, 2008 at 11:28 AM, wes <[EMAIL PROTECTED]> wrote:
> thanks for the info. I do indeed see tons and tons of messages from named.
> I even see the query itself (what people are asking for). Just not the
> result. It seems like I get everything except the result.
>
> -wes
>
>
> On Fri, Nov 28, 2008 at 10:56 AM, ivan jr sy <[EMAIL PROTECTED]> wrote:
>
>> looks like an OK config for me.
>> - you should be able to view the name being queried and from what source
>> IP
>> - debug10 = view the actual query (similar to dig)
>> so you can grep the NXDOMAIN or the ANSWER
>>
>> are you able to view the log file? did it log the start-up processes of
>> BIND? you should be able to see tons and tons of log messages even just on
>> startup of named.
>>
>> note that logging queries will significantly impact the query response
>> rate of the server. its a no no for production. on the other hand, your
>> tcpdump script sounds elegant...
>>
>>
>> --- On Sat, 11/29/08, wes <[EMAIL PROTECTED]> wrote:
>>
>> > From: wes <[EMAIL PROTECTED]>
>> > Subject: logging query results
>> > To: bind-users@lists.isc.org
>> > Date: Saturday, November 29, 2008, 7:08 AM
>> > I would like to know if it's possible to log the output
>> > of each dns query.
>> > I'd like to do this to catch failed queries so I can
>> > see what people are
>> > looking for, and not finding, and add it for them if it
>> > should be there. I
>> > recently lost my old dns server so I have to start from
>> > scratch.
>> >
>> > This is my current logging configuration:
>> >
>> > logging {
>> > channel log {
>> > file "/var/log/named/named.log"
>> > versions 10
>> > size 100m;
>> > severity debug 9999;
>> > print-time yes;
>> > print-severity yes;
>> > print-category yes;
>> > };
>> > category default { log; };
>> > category queries { log; };
>> > };
>> >
>> > as far as I can tell, this is set up to log everything
>> > ever. but, I still
>> > don't get the actual query result in the log. Is there
>> > a way to do this?
>> >
>> > If not, that's ok, I'll set up a tcpdump script to
>> > do it. but I thought I
>> > would make sure there isn't a built-in method in bind
>> > first.
>> >
>> > thanks for any advice.
>> >
>> > -wes
>> > _______________________________________________
>> > bind-users mailing list
>> > bind-users@lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>
>>
>
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
