This is an old revision of this document!


BIND Log

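Over the past two days, traffic on the school's DNS host suddenly surged, so to find out who the culprit was I searched everywhere for ways to log with BIND, and finally turned up what is below..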

I really have to thank TWNIC for its contributions to DNS in Taiwan; the material below was also dug out of TWNIC's lecture notes!!

So far this has been tested to work on various versions; the newest version tested is BIND 9.4.3-P3.

  • Add the following settings to named.conf to keep a complete record of all DNS logs.
logging {
        channel default_log {
                file "/var/log/named/dns-default.log" versions 10 size 20m;
                severity info;
        };

        channel lamer_log {
                file "/var/log/named/dns-lamer.log" versions 3 size 10m;
                severity info;
                print-severity yes;
                print-time yes;
                print-category yes;
        };

        channel query_log {
                file "/var/log/named/dns-query.log" versions 10 size 10m;
                severity info;
                print-time yes;
        };

        channel security_log {
                file "/var/log/named/dns-security.log" versions 3 size 1m;
                severity info;
                print-severity yes;
                print-time yes;
                print-category yes;
        };

        channel config_file {
                file "/var/log/named/dns-config.log" versions 3 size 5m;
                severity dynamic;
                print-time yes;
        };

        channel dnssec_log {
                file "/var/log/named/dns-dnssec.log" versions 3 size 20m;
                print-time yes;
                print-category yes;
                print-severity yes;
                severity debug 3;
        };

        category dnssec { dnssec_log; };
        category lame-servers { lamer_log; };
        category security { security_log; };
        category config { config_file; };
        category queries { query_log; };
        category default { default_log; };
};
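
Once the query_log channel above is writing to /var/log/named/dns-query.log, the usual next step in tracking down a traffic surge is to rank the clients by query count. The script below is an added example, not part of the original page or the TWNIC material; the log line layout is assumed from BIND's query log output with print-time enabled, the sample lines are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample lines in the shape the query_log channel writes
# (print-time yes, no category/severity prefix). Addresses are documentation ranges.
SAMPLE_LOG = """\
23-Feb-2017 09:40:01.101 client 192.0.2.10#53124: query: www.example.com IN A +
23-Feb-2017 09:40:01.102 client 192.0.2.10#53125: query: www.example.com IN A +
23-Feb-2017 09:40:01.150 client 198.51.100.7#40000: query: mail.example.com IN MX +
23-Feb-2017 09:40:01.200 client 192.0.2.10#53126: query: a1b2.example.net IN ANY +E
23-Feb-2017 09:40:02.001 client 2001:db8::5#5353: view internal: query: example.org IN AAAA -
23-Feb-2017 09:40:02.050 client 192.0.2.10#53127 (x.example.net): query: x.example.net IN TXT + (192.0.2.1)
23-Feb-2017 09:40:02.300 this line is truncated or malformed
"""

# Assumed layout; tolerates the extra fields that newer BIND releases add.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"  # source address and port
    r"(?: \([^)]*\))?:"                                       # newer BIND repeats the name here
    r"(?: view [^:]+:)?"                                      # optional view name
    r" query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def summarize(lines, top=5):
    """Count queries per client, per qtype and per (client, qname); also count unparsed lines."""
    clients, qtypes, pairs = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            skipped += bool(line.strip())  # blank lines are not counted as unparsed
            continue
        clients[m["ip"]] += 1
        qtypes[m["qtype"]] += 1
        pairs[(m["ip"], m["qname"].lower())] += 1
    return {"clients": clients.most_common(top), "qtypes": qtypes.most_common(top),
            "pairs": pairs.most_common(top), "skipped": skipped}

if __name__ == "__main__":
    import sys
    # Pass the path to dns-query.log as an argument, or run with no argument for the sample.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    report = summarize(src)
    for key in ("clients", "qtypes", "pairs"):
        print(key, report[key])
    print("unparsed lines:", report["skipped"])
```

A single client dominating the `clients` list, or a burst of ANY/TXT queries in `qtypes`, is the pattern to look at first; a high unparsed count means the regex does not match the log format of the BIND version in use.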



dns/bind_log.1487842825.txt.gz · Last modified: 2017/02/23 09:40 by jal