BIND9 detailed log article

By default, bind writes log messages to the/var/log/messages file, and these log messages are very small, mostly startup, shutdown logging and some serious error messages, so to detail the server's health, you need to configure the server's log behavior. That is, to use the logging statement in the configuration file named.conf to customize the log records that you need, the syntax of the logging statement is:
Logging {

Channel; {

file;;

Syslog;;

Null

StdErr

severity;;

Print-time;;

print-severity;;

Print-category;;

};

category; { ;; ... };

};

There are two main concepts in the log: Channel and category. The channel specifies where the log data should be sent: whether it is sent to a syslog, written in a file, or sent to the standard error output of named, or to a bucket in place (bit bucket). The category specifies what data needs to be recorded. Here we mainly introduce the file channels and categories.

In the statement that defines the channel, severity is the level of the specified record message. There are several levels (in descending order of severity) in bind:

Critical
Error
Warning
Notice
Info
debug [level]
Dynamic

When a level is defined, all messages that include that level and levels that are more severe than that level are logged. For example, if the definition level is error, critical and error two levels of information are logged. In general, we can record to the info level. Print-time is to set whether the write time is required in the log, print-severity whether to write the message level in the log, Print-category is to set whether the log category needs to be written in the log.

The category statement is a channel that specifies which category of data to use which or which of the defined channels. The categories in BIND9 are:

Default
The default category matches all categories that do not explicitly specify a channel, but does not match messages that do not belong to any category. These messages that do not belong to any category belong to these categories listed below.
General
Includes all bind messages that are not explicitly categorized.
Client
Handles client requests.
Config
Profile analysis and processing.
Database
A message associated with the BIND internal database for storing data and caching records.
Dnssec
Handles the response of the DNSSEC signature.
Lame-servers
Error authorization found.
Network
Network operation
Notify
Asynchronous zone change notification.
Queries
Query log
Resolver
Name resolution, including processing of recursive queries from the parser.
Security
Approved/non-approved requests.
Update
Dynamic Update events.
Xfer-in
The zone transfer from the remote name server to the local name server.
Xfer-out
The zone transfer from the local name server to the remote name server.

For example, to log a queries message, you can configure it as follows (add the following statement to named.conf):
Logging {

Channel Query_log {

File "Query.log" versions 3 size 20m;

Severity info;

Print-time Yes;

Print-category Yes;

};

Category Queries {

Query_log;

};

};

The server creates the Query.log file in the working directory (the directory specified by the directory statement, typically:/var/named) and writes the queries message generated by the run process to the Query.log file as follows:

Nov 16:04:55.516 queries:client 192.168.0.113#32770:query:dns.andy.com in A

Also explain "[Color=blue]file" Query.log "versions 3 size 20m; The meaning of "version" and "Size" in [/color] "statements:

Version is the file that specifies how many versions are allowed to exist, such as specifying 3 versions (version 3), and Bind9 saves Query.log, Query.log0, Query.log1, and query.log2.

Size is the upper limit of the specified file size, and if the file reaches the specified file size limit, the server stops writing to the file if it is set to only a size and no version is set. If version is set, the server loops, such as turning Query.log into Query.log1,query.log1 and query.log2, and then creating a new query.log for writing.

BIND9 detailed log article