Re: dnscap and ncap (Re: how to log all recursive query responses?)

2008-08-12 Thread David Sparks
tcpdump -v -x udp and port 53 and 'udp[20] == 3' and 'udp[21] == 102' and 'udp[22] == 111' and 'udp[23] == 111'
yow. looks WAY painful. have you tried dnscap? its CLI language has not changed in the last six months, so if you were waiting for it to settle out, now's your moment.

Re: how to log all recursive query responses?

2008-08-08 Thread David Sparks
logging {
    category lame-servers { null; };
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
    };
    category queries { default_syslog; };
};
Does the above log the responses or just

Re: how to log all recursive query responses?

2008-08-08 Thread David Sparks
If, on the other hand, you're trying to answer the question "why do I get a SERVFAIL, some of the time, for some names, seemingly at random?", then I don't know that a targeted tcpdump is going to help. You might have to capture *everything*, detect the error, and then wade through the data

Re: how to log all recursive query responses?

2008-08-08 Thread JINMEI Tatuya / 神明達哉
At Fri, 08 Aug 2008 16:56:25 -0700, David Sparks [EMAIL PROTECTED] wrote: If, on the other hand, you're trying to answer the question "why do I get a SERVFAIL, some of the time, for some names, seemingly at random?", then I don't know that a targeted tcpdump is going to help. You might

dnscap and ncap (Re: how to log all recursive query responses?)

2008-08-08 Thread Paul Vixie
[EMAIL PROTECTED] (Kevin Darcy) writes: If there is a *specific* name you want to focus on, it's possible to do that with tcpdump, but it's rather painful, e.g. tcpdump -v -x udp and port 53 and 'udp[20] == 3' and 'udp[21] == 102' and 'udp[22] == 111' and 'udp[23] == 111' would limit the

Re: how to log all recursive query responses?

2008-08-06 Thread Tom Greaser
logging {
    category lame-servers { null; };
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
    };
    category queries { default_syslog; };
};
Kevin Darcy [EMAIL PROTECTED] 08/06/08 12:30

Re: how to log all recursive query responses?

2008-08-05 Thread Kevin Darcy
David Sparks wrote: I wanted to turn on the responses BIND is giving out to recursive queries. I added the below to my named.conf but it didn't do anything. What does resolver log do? channel resolver_log { file /var/log/resolver.log versions 3 size 100M;

how to log all recursive query responses?

2008-08-01 Thread David Sparks
I wanted to turn on the responses BIND is giving out to recursive queries. I added the below to my named.conf but it didn't do anything. What does resolver log do? channel resolver_log { file /var/log/resolver.log versions 3 size 100M; severity info;