On Tue, Jan 30, 2018 at 3:12 PM, Reineman, Rick <rick.reine...@idt.com> wrote: > Hello, I recently migrated our internal DNS service to a newer OS and Bind. > Bind 9.9.4 on CentOS7. > > The previous service had a dataset that was in really bad shape and I did a > lot of cleanup for the migration. Unfortunately there were a few records I > dropped that I should not have, but it's hard to figure out which until > someone complains. > > I am interested in capturing queries that fail, return a NXDOMAIN to the > client in other words. > > I have two logging categories setup "queries" and "query-errors", both going > to separate logs. > > The problem is that the logs do not log what I am interested in. The queries > log, logs every query, the query-errors log supposedly only logs a SERVFAIL. > > Does anyone know if it is possible to get what I want from the DNS server?
Er, you *might* be able to, but I'd suggest just using DNSCAP (https://github.com/DNS-OARC/dnscap) # ./dnscap -sr -ex -g [140] 2018-01-30 20:27:34.966108 [#0 br0 4095] \ [204.194.23.4].53 [76.104.90.25].56101 \ dns QUERY,NXDOMAIN,51223,qr|aa|rd \ 1 nonexistant.snozzages.com,IN,A 0 \ 1 snozzages.com,IN,SOA,600,ns01.kumari.net,warren.kumari.net,2011053169,86407,7200,3600000,17280 \ 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ -sr will Select Responses -ex will log Errors of type nXdomain -g will write to stderror, -w foo will create files of the form foo.<timestamp>. W > > Thanks, > Rick > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
