

BIND Log

Over the past two days the traffic on the school's DNS server suddenly shot up, so in order to find out who the culprit was I went looking everywhere for how to make BIND keep logs, and finally dug up the material below.

Many thanks are due to TWNIC for its contributions to DNS in Taiwan; what follows was also dug out of TWNIC's course handouts!!

So far it has worked on every version I tried; the newest version tested is BIND 9.4.3-P3.

  • Add the following settings to named.conf and every kind of DNS activity will be written to its own log file.
logging {
	// Catch-all channel: every category not routed elsewhere lands here.
	channel default_log {
		file "/var/log/named/dns-default.log" versions 10 size 20m;
		severity info;
	};

	// Misconfigured (lame) delegations found while resolving.
	channel lamer_log {
		file "/var/log/named/dns-lamer.log" versions 3 size 10m;
		severity info;
		print-severity yes;
		print-time yes;
		print-category yes;
	};

	// One line per client query; this is the file to read when traffic spikes.
	channel query_log {
		file "/var/log/named/dns-query.log" versions 10 size 10m;
		severity info;
		print-time yes;
	};

	// Rejected requests, failed TSIG checks, denied transfers and similar.
	channel security_log {
		file "/var/log/named/dns-security.log" versions 3 size 1m;
		severity info;
		print-severity yes;
		print-time yes;
		print-category yes;
	};

	// "dynamic" follows the server's current debug level (see "rndc trace").
	channel config_file {
		file "/var/log/named/dns-config.log" versions 3 size 5m;
		severity dynamic;
		print-time yes;
	};

	channel dnssec_log {
		file "/var/log/named/dns-dnssec.log" versions 3 size 20m;
		print-time yes;
		print-category yes;
		print-severity yes;
		severity debug 3;
	};

	category dnssec { dnssec_log; };
	category lame-servers { lamer_log; };
	category security { security_log; };
	category config { config_file; };
	// The queries category only receives entries while query logging is
	// switched on: "querylog yes;" in options { } or "rndc querylog" at runtime.
	category queries { query_log; };
	category default { default_log; };
};
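Once dns-query.log is filling up, the next step is to find the client behind the surge. The script below is an added example, not part of the original post or the TWNIC handout: it parses lines in the shape BIND 9.4 writes for the queries channel above (print-time yes, no category prefix), tallies queries per client, per name and per (client, query type), and lists the clients over a threshold. The log lines are constructed samples using documentation addresses, and the tolerance for the "@0x...", "(name)" and "view" fields of newer releases is an assumption about their format.

```python
import re
from collections import Counter

# Assumed BIND 9.4 line shape for the queries channel above (print-time yes,
# no category prefix); newer releases add "@0x.." after "client", "(<name>)"
# before the colon and "view <name>:" before "query:", all tolerated here.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: (?P<qname>\S+) "
    r"(?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_query_line(line):
    """Return the fields of one query-log line, or None for any other line."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count queries per client, per normalized name and per (client, qtype)."""
    by_client, by_qname, by_client_qtype = Counter(), Counter(), Counter()
    parsed = 0
    for line in lines:
        rec = parse_query_line(line)
        if rec is None:
            continue  # lines of another shape are skipped, not fatal
        parsed += 1
        qname = rec["qname"].lower().rstrip(".")  # names are case-insensitive
        by_client[rec["ip"]] += 1
        by_qname[qname] += 1
        by_client_qtype[(rec["ip"], rec["qtype"])] += 1
    return {"parsed": parsed, "by_client": by_client,
            "by_qname": by_qname, "by_client_qtype": by_client_qtype}

def noisy_clients(summary, threshold):
    """Clients with at least `threshold` queries, busiest first."""
    return [(ip, n) for ip, n in summary["by_client"].most_common() if n >= threshold]

# Constructed sample log (RFC 5737 / RFC 3849 documentation addresses), not real traffic.
SAMPLE_LOG = """\
13-Jul-2009 10:22:33.101 client 192.0.2.10#53422: query: www.example.com IN A +
13-Jul-2009 10:22:33.105 client 192.0.2.10#53423: query: example.com IN ANY +
13-Jul-2009 10:22:33.110 client 192.0.2.10#53424: query: example.com IN ANY +
13-Jul-2009 10:22:33.114 client 192.0.2.10#53425: query: example.com IN ANY +
13-Jul-2009 10:22:33.120 client 198.51.100.7#1025: query: mail.example.net IN MX -
13-Jul-2009 10:22:33.125 client 2001:db8::5#44000: query: Example.COM. IN AAAA +
13-Jul-2009 10:22:34.000 not a query line: rotation marker
""".splitlines()
```

On a live server, run it over the rotated dns-query.log files and compare the per-client counts between time windows; a single client repeating the same name and type many times a second stands out immediately in `by_client_qtype`.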

