UNIX Consulting and Expertise
Golden Apple Enterprises Ltd. » Posts in 'Rough Guides' category

Rough guide to BIND logging – keeping an eye on DNS

At lots of sites I see people configuring BIND, setting up their zones, but then missing out a critical part of the configuration – logging. BIND logging is easy enough to configure, and it gives you a useful insight into potential issues with your DNS and zone files.

BIND logging is managed in /etc/named.conf and is split into two parts.

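First of all, configure BIND to store PIDs, statistics files etc. in a dedicated directory. In this case, I’m using /var/named/log. Bear in mind that the directory option also sets named’s working directory, so any relative file paths elsewhere in named.conf (zone files, for example) are resolved against it: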

options {
        directory "/var/named/log";
        pid-file "/var/named/log/named.pid";
        dump-file "/var/named/log/named_dump.db";
        memstatistics-file "/var/named/log/named.memstats";
        statistics-file "/var/named/log/named.stats";
};

That’s all pretty straightforward. Armed with this we can write some scripts to plug BIND statistics into RRDTool or similar, and get some nice graphs of performance.

Next, we can use the logging directive to configure log files and the streams of events we want to log:

logging {
        channel default_log {
                file "/var/named/log/named.log" versions 3 size 10m;
                print-time yes;
                print-category yes;
                severity info;
                };
        channel security_log {
                file "/var/named/log/named.security.log" versions 3 size 5m;
                print-time yes;
                print-category yes;
                severity notice;
                };
        category default { default_log; };
        category security { security_log; };
        category lame-servers { null; };
};

You can see I’ve configured a default log of INFO events, which will be cycled when it reaches 10 MB, with 3 copies being kept. I’m also logging security events with a priority of NOTICE and higher – 3 versions of this are kept, and the security log gets cycled when it reaches 5 MB. Events in the lame-servers category are sent to the null channel, which discards them.

For all the log events I want to print the time stamp and the category – without these it can be difficult to work out what happened and when, which makes the logs pretty much worthless.

The syntax to configure logging in BIND is pretty straightforward and is very similar to how you’d configure your zones in named.conf.

If you want to be slack you can just cut and paste this into /etc/named.conf and restart BIND – instant logging. I run BIND under a non-root user, and the BIND logging directory is owned by that user and group and locked down – I’d suggest doing the same at a minimum.
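Once the security channel is writing to disk, the time stamp and category prefix make the file easy to process. The following is an added example, not part of the original post: it parses lines in the layout produced by print-time and print-category and counts denied requests per client. The sample lines are constructed, their message wording is an assumption modelled on BIND 9 denial messages, and which messages actually reach the file depends on the channel's severity setting.

```python
import re
from collections import Counter
from datetime import datetime

# Layout with "print-time yes; print-category yes;" and no print-severity:
#   DD-Mon-YYYY HH:MM:SS.mmm category: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[a-z-]+): (?P<message>.*)$"
)
# Client address inside the message; newer BIND releases add "@0x..." before it.
CLIENT_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+")

def parse_line(line):
    """Return (timestamp, category, message), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["category"], m["message"]

def denied_by_client(lines, threshold=2):
    """Count 'denied' security events per client IP; keep those at or above threshold."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "security":
            continue  # unparseable line, or an event from another category
        client = CLIENT_RE.search(parsed[2])
        if client and parsed[2].endswith("denied"):
            counts[client["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation address ranges), not real log output.
SAMPLE = """\
05-Mar-2010 10:15:02.123 security: client 192.0.2.10#53124: query (cache) 'example.com/A/IN' denied
05-Mar-2010 10:15:02.640 security: client 192.0.2.10#53125: query (cache) 'example.net/MX/IN' denied
05-Mar-2010 10:15:09.001 security: client 198.51.100.7#40111: zone transfer 'example.org/AXFR/IN' denied
05-Mar-2010 10:16:30.450 security: client @0x7f2a1c0 192.0.2.10#53130 (example.org): query (cache) 'example.org/A/IN' denied
05-Mar-2010 10:17:00.000 general: zone example.org/IN: loaded serial 2010030501
named restarted by operator
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(denied_by_client(SAMPLE).items()):
        print(f"{ip}\t{n} denied requests")
```

To run it against the real file, pass an open handle on /var/named/log/named.security.log to denied_by_client() in place of SAMPLE.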

A Rough Guide to LDAP

I’ve been working on some Rough Guides – high level overviews to introduce a particular technology or tool. These are not particularly technical or in-depth – instead, I want to introduce new technology topics and hopefully you’ll be interested enough to find out more (and start using them yourself).

This is the first in (what I hope will become) a series of them, and provides a high level introduction to LDAP.

Please have a read and let me know what you think in the comments section.

Edit: Quick update to the PDF, please download it again to get the changes.

A Rough Guide to LDAP
