BIND Log
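Over the past two days, traffic on our school's DNS server suddenly spiked, so to find out who the culprit was, I dug around everywhere for ways to log with BIND and finally turned up the material below.
I really have to thank TWNIC for its contributions to DNS in Taiwan; the material below was also taken from TWNIC's lecture notes!
In testing so far, this works on every version; the latest version tested is BIND 9.4.3-P3.
- Add the following settings to named.conf and all DNS activity will be logged in full.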
logging {
    // General messages: keep 10 rotated files of up to 20 MB each
    channel default_log {
        file "/var/log/named/dns-default.log" versions 10 size 20m;
        print-time yes;
        severity info;
    };
    // Lame delegations seen while resolving
    channel lamer_log {
        file "/var/log/named/dns-lamer.log" versions 3 size 10m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    // One line per query received
    channel query_log {
        file "/var/log/named/dns-query.log" versions 10 size 10m;
        severity info;
        print-time yes;
    };
    // Approved and denied requests
    channel security_log {
        file "/var/log/named/dns-security.log" versions 3 size 1m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    // Configuration file parsing; severity follows the server's debug level
    channel config_file {
        file "/var/log/named/dns-config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    // DNSSEC processing at debug level 3
    channel dnssec_log {
        file "/var/log/named/dns-dnssec.log" versions 3 size 20m;
        print-time yes;
        print-category yes;
        print-severity yes;
        severity debug 3;
    };

    // Route each category to its channel
    category dnssec { dnssec_log; };
    category lame-servers { lamer_log; };
    category security { security_log; };
    category config { config_file; };
    category queries { query_log; };
    category default { default_log; };
};
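Once dns-query.log is being written, the client behind a traffic spike can be found by tallying queries per source address. The script below is an added example, not part of the original post or TWNIC's material; the log line layout it parses and the sample lines are constructed assumptions (the exact layout differs between BIND versions), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of a "queries" channel with
# print-time yes; addresses are documentation ranges, not real data.
SAMPLE_LOG = """\
12-May-2009 10:15:01.101 client 192.0.2.10#53412: query: www.example.edu IN A +
12-May-2009 10:15:01.140 client 192.0.2.77#40001: query: a1.example.net IN ANY +
12-May-2009 10:15:01.141 client 192.0.2.77#40002: query: a2.example.net IN ANY +
12-May-2009 10:15:01.150 client 192.0.2.77#40003: view internal: query: a3.example.net IN ANY +
12-May-2009 10:15:02.000 client @0x7f3c5c0 2001:db8::5#5353 (mail.example.edu): query: mail.example.edu IN MX +E(0) (192.0.2.1)
12-May-2009 10:15:02.500 general: info: zone example.edu/IN: loaded serial 2009051201
12-May-2009 10:15:03.000 client 192.0.2.77#40004: query: a4.example.net IN ANY +
"""

# Tolerates the optional "@0x..." object id, "(qname)" and "view NAME:"
# fields that some BIND versions and configurations add.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?:(?: view [^:]+:)? query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def summarize(lines):
    """Return (queries per client, queries per (client, qtype))."""
    clients, by_type = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (other category, truncated, ...)
        clients[m["ip"]] += 1
        by_type[(m["ip"], m["qtype"])] += 1
    return clients, by_type

def top_talkers(lines, min_share=0.5):
    """Clients responsible for at least min_share of all logged queries."""
    clients, _ = summarize(lines)
    total = sum(clients.values())
    return [(ip, n) for ip, n in clients.most_common()
            if total and n / total >= min_share]

if __name__ == "__main__":
    for ip, n in top_talkers(SAMPLE_LOG.splitlines()):
        print(f"{ip} sent {n} queries")
```

On a live server, pass the lines of /var/log/named/dns-query.log and its rotated copies instead of `SAMPLE_LOG`.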