I have configured a CC TLD with bind9.
I have successfully configured query logging as well.
But I cannot log the query responses.
Please have a look at what I have configured for query logging:
    logging {
        channel queries_file {
            file "/var/named/chroot/var/log/named/queries.log" versions 10 size 10G;
            severity dynamic;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category queries { queries_file; };
    };
This script logs only queries coming from the outside.
How can I log server responses for those requests?
Best Answer
There are no provisions in BIND to log answers for queries at all with the logging directive. Furthermore, aside from privacy considerations, it can be more efficient for the DNS service to log them remotely instead of in a file.
Often people are running dnscap to capture/sniff DNS queries for security analysis.
There is also a capture/logging functionality called dnstap, but it is only present in certain versions of BIND, and appears to be officially always included after the last version of BIND (at this time 9.11) which might not yet be adopted in several distributions, and thus involves compiling BIND.
It is more interesting, as it integrates with BIND, and less taxing on resources than dnscap.
From DNS query/response logging with dnstap
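A minimal named.conf fragment for the dnstap approach mentioned in the answer, given as an added example that is not part of the original answer. It assumes a BIND build configured with --enable-dnstap; the output path is a placeholder chosen to sit beside the asker's query log.

```conf
options {
    // Assumption: named was built with --enable-dnstap; otherwise these
    // statements are rejected when the configuration is loaded.

    // Message types to capture. "auth" and "client" cover queries received
    // from, and responses sent to, the hosts querying this server.
    // Append "query" or "response" to a type to keep one direction only.
    dnstap { auth; client; };

    // Placeholder path: write dnstap frames to a local file.
    // Use 'dnstap-output unix "<socket path>";' instead to hand the frames
    // to a separate collector process over a UNIX socket.
    dnstap-output file "/var/named/chroot/var/log/named/dnstap.out";

    // Tag each frame with this server's hostname so that captures from
    // several name servers can be told apart during analysis.
    dnstap-identity hostname;
};
```

The output is a binary frame stream rather than text; the dnstap-read utility shipped with BIND decodes it. Captured responses contain client addresses and the names they asked for, so the file needs the same access restrictions and retention limits as the query log.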