DNS LOG


Vishal Vyas (Linux Admin)

How to log DNS server activity?
Ans : Sometimes you need DNS server activity logged to a file so that you can later analyze what the server has been doing and check whether it is resolving names correctly. rndc is the command used to turn DNS server activity logging on. Let's have a look at how to log DNS server activity. To log DNS server queries, just execute the command below (you have to do this as the root user):
#rndc querylog
Note : When you execute the above command, DNS server activity is logged to the server's /var/log/messages file.
Example output from the clipped log file:
bash-2.05b# /usr/sbin/rndc querylog
bash-2.05b# tail -f /var/log/messages
Nov 18 18:00:16 ns1.abc.in named[29413]: query logging is now on
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.34#43071: query: abc.co.in IN MX
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.6#43587: query: smtp.abc.co.in IN A
Nov 18 18:00:19 ns1.abc.in named[29413]: client 82.8.211.193#19305: query: MX2.abc.co.in IN A
Nov 18 18:00:20 ns1.abc.in named[29413]: client 200.49.130.26#4111: query: abc.co.in IN MX
Nov 18 18:00:21 ns1.abc.in named[29413]: client 212.24.128.8#46547: query: abc.co.in IN MX
Nov 18 18:00:22 ns1.abc.in named[29413]: client 200.75.51.132#26540: query: MX2.abc.co.in IN A
To stop DNS query logging, execute the command below:
#rndc querylog
Note : If you look closely, this is the same command that starts logging; it works like a walkie-talkie, where you press the same button for both the on and off operations.
Example output showing logging being stopped:
bash-2.05b# /usr/sbin/rndc querylog
bash-2.05b# tail -f messages
Nov 18 18:08:53 ns1.abc.com named[29413]: client 200.12.232.4#60450: query: abc.co.in IN MX
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#39027: query: ns1.abc.co.in IN A
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#10163: query: ns1.abc.co.in IN A
Nov 18 18:09:00 ns1.abc.com named[29413]: client 88.156.63.9#3661: query: abc.co.in IN MX
Nov 18 18:09:00 ns1.abc.com named[29413]: client 89.2.2.146#44622: query: abc.co.in IN MX
Nov 18 18:09:05 ns1.abc.com named[29413]: client 203.199.147.5#14678: query: cmex01.clairmail.local.intranet.abc.co.in IN A
Nov 18 18:09:06 ns1.abc.com named[29413]: client 117.98.17.34#1766: query: abc.co.in IN MX
Nov 18 18:09:06 ns1.abc.com named[29413]: client 203.119.8.106#28142: query: abc.co.in IN MX
Nov 18 18:09:11 ns1.abc.com named[29413]: client 217.171.113.9#4861: query: MX2.abc.co.in IN A
Nov 18 18:09:11 ns1.abc.com named[29413]: query logging is now off
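Because rndc querylog only toggles, the command itself does not tell you which state the server ended up in; the "query logging is now on/off" line in the log does. As an added example that is not part of the original post, here is a small Python parser for the query lines shown above that counts queries per client and per record type and records that last on/off state. The regex group names and the aggregation are my own choice, and the sample input is constructed from the excerpts above plus one unrelated syslog line.

```python
import re
from collections import Counter

# The two line shapes named writes to /var/log/messages while query logging
# is on, as shown in the excerpts above. Group names are my own.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[\d+\]: "
    r"client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)$")
STATE_RE = re.compile(r"named\[\d+\]: query logging is now (?P<state>on|off)$")

def parse_query_line(line):
    """Fields of one 'query:' line as a dict, or None for any other line."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count queries per client and per type, and record the last
    'query logging is now on/off' line (the rndc toggle itself is silent)."""
    clients, qtypes = Counter(), Counter()
    state, ignored = None, 0
    for line in lines:
        q = parse_query_line(line)
        if q:
            clients[q["client"]] += 1
            qtypes[q["qtype"]] += 1
            continue
        s = STATE_RE.search(line.strip())
        if s:
            state = s.group("state")
        else:
            ignored += 1  # other syslog traffic sharing /var/log/messages
    return {"clients": clients, "qtypes": qtypes,
            "logging": state, "ignored": ignored}

# Constructed sample: lines from the excerpts above plus one unrelated sshd line.
SAMPLE = """\
Nov 18 18:00:16 ns1.abc.in named[29413]: query logging is now on
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.34#43071: query: abc.co.in IN MX
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.6#43587: query: smtp.abc.co.in IN A
Nov 18 18:00:19 ns1.abc.in named[29413]: client 82.8.211.193#19305: query: MX2.abc.co.in IN A
Nov 18 18:00:20 ns1.abc.in named[29413]: client 194.158.122.34#4111: query: abc.co.in IN MX
Nov 18 18:00:23 ns1.abc.in sshd[1201]: Accepted publickey for admin from 10.0.0.5 port 4000
Nov 18 18:09:11 ns1.abc.in named[29413]: query logging is now off
""".splitlines()

if __name__ == "__main__":
    r = summarize(SAMPLE)
    print("logging:", r["logging"], "| busiest:", r["clients"].most_common(1),
          "| qtypes:", dict(r["qtypes"]), "| ignored:", r["ignored"])
```

To run it against a real server, replace SAMPLE with the lines of /var/log/messages; the day field is matched with one or more spaces because syslog pads single-digit days.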
Some FAQs:
1. Is it advisable to restart a production DNS server?
Ans : No. Never restart a production DNS server without prior notice from your superiors.
2. Then how can I apply changes I made to the DNS server?
Ans :
You can use the rndc command to apply the changes to the DNS server.
3. How can I load updated zone file entries into the DNS server without restarting the named/BIND server?
Ans :
You can do it with the rndc command:
#rndc reload
4. How can I reload the named.conf file without restarting the DNS server?
Ans :
#rndc refresh

From: http://www.linuxnix.com


3 Responses to “DNS LOG”

  1. Atul Khachane July 7, 2010 at 11:54 am #

    Thanks mate 🙂 Good share...

  2. Atul Khachane July 7, 2010 at 11:57 am #

    Thanks mate. Nice share 🙂

  3. http://google.com February 13, 2013 at 10:45 pm #

    You made several great points with your post, "DNS LOG LINUX GURU". I will possibly be returning to your page shortly. Thanks a lot -Terrance
