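Note: the configuration is reposted from another source; I added an example afterwards to verify it, and it did succeed.
By default named's query logging is turned off. You can check this with rndc status, as shown below: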
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
Use rndc querylog to turn on named's query logging, as shown below:
#rndc querylog
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
Next, create a file called named.log in the /var/named/chroot/var/named directory (the file name is arbitrary), then set its ownership and permissions, as shown below:
#chown named.named /var/named/chroot/var/named/named.log
#chmod 755 /var/named/chroot/var/named/named.log
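If SELinux is enabled you also need to set the corresponding permissions. With SELinux in enforcing mode, after making the setting below, the system reported that named had no permission to access named.log; no matter what I changed, it still reported no permission. In the end I switched SELinux to permissive mode, and named's messages were written to named.log, but SELinux still warned that the file's permissions should be fixed with restorecon -v "./named.log". After I ran restorecon, that warning still appeared. How to solve this is left for later; if you have a good suggestion, please share it. The setting is as follows: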
#chcon -u system_u named.log
That completes the setup of this file. Next, edit /etc/named.conf and add the following to it:
logging {
    channel default_syslog { syslog local2; severity error; };
    channel audit_log {
        file "named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { audit_log; };
    category general { audit_log; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};
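Restart your named process; from then on your DNS-related messages will appear in this file!
This article comes from the ChinaUnix blog; to read the original, see: http://blog.chinaunix.net/u1/36549/showart_1006860.html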
****************************************************************
The following example is one I added based on the theory above, and it did succeed.
1: My DNS configuration file /etc/named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source port 53;
    // query-source-v6 port 53;
    allow-query { any; };
};
#logging {
#    channel default_debug {
#        file "data/named.run";
#        severity dynamic;
#    };
#};
logging {
    channel default_syslog { syslog local2; severity error; };
    channel audit_log {
        file "named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { audit_log; };
    category general { audit_log; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};
view localhost_resolver {
    match-clients { any; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};
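***** The logging block (shown in blue in the original) is the logging configuration *****
2: Queries
To make the log file easier to find and manage, with everything kept under /var/log, I created a symbolic link: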
ln -s /var/named/chroot/var/named/named.log /var/log/named.log
Take a look: /var/log/named.log is empty, there is nothing in it.
[root@www log]# tail named.log
[root@www log]# pwd
/var/log
To verify, query Baidu:
[root@www /]#dig
[root@www log]# dig
; <<>> DiG 9.3.4-P1 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23745
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
;; QUESTION SECTION:
; IN A
;; ANSWER SECTION:
. 547 IN CNAME .
. 600 IN A 119.75.213.61
. 600 IN A 119.75.216.30
;; AUTHORITY SECTION:
a.shifen.com. 85758 IN NS ns1.a.shifen.com.
a.shifen.com. 85758 IN NS ns3.a.shifen.com.
a.shifen.com. 85758 IN NS ns5.a.shifen.com.
a.shifen.com. 85758 IN NS ns6.a.shifen.com.
;; Query time: 66 msec
;; SERVER: 192.168.1.112#53(192.168.1.112)
;; WHEN: Fri Jun 19 14:54:05 2009
;; MSG SIZE rcvd: 162
Now look at /var/log/named.log again:
[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: IN A +
There is now a log record.
Now a local query:
[root@www log]# nslookup
>
Server: 192.168.1.112
Address: 192.168.1.112#53
Name:
Address: 192.168.1.112
> 192.168.1.112
Server: 192.168.1.112
Address: 192.168.1.112#53
112.1.168.192.in-addr.arpa name = .
>
>
The local queries are recorded as well.
Look at /var/log/named.log once more:
[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: IN A +
19-Jun-2009 14:55:18.607 queries: client 192.168.1.112#57028: view localhost_resolver: query: IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +
Check whether /var/log/messages still records the DNS queries:
[root@www log]# tail messages
Jun 19 14:41:42 www named[3099]: command channel listening on 127.0.0.1#953
Jun 19 14:41:42 www named[3099]: command channel listening on ::1#953
The DNS query records no longer appear there. This shows that DNS now writes its log to the dedicated file, namely named.log.
******************** Verification successful ************************
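
Because the logging block above sends many categories (general, security, xfer-in, queries and others) to the same named.log, anything that audits the query log has to pick out the "queries:" lines first. The following is an added example, not part of the original post: a small parser for the line layout shown in the tail output above, with a per-client summary. The function names, the example.* query names, the 192.168.1.50 client and the "general" line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Layout written by the audit_log channel (print-time yes; print-category yes;).
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): (?:view (?P<view>\S+): )?"
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)")

# Constructed sample: example.* names, the 192.168.1.50 client and the
# "general" line are made up; the PTR line matches the page's own output.
SAMPLE = """\
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: www.example.com IN A +
19-Jun-2009 14:55:18.607 queries: client 192.168.1.112#57028: view localhost_resolver: query: www.example.org IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +
19-Jun-2009 14:56:01.004 general: zone example.com/IN: loaded serial 2009061901
19-Jun-2009 14:56:40.250 queries: client 192.168.1.50#40112: view localhost_resolver: query: www.example.com IN MX -
"""

def parse_queries(text):
    """Return (records, skipped); skipped counts lines of other categories."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            skipped += 1  # general, security, xfer-in ... share this file
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
        rec["rd"] = rec["flags"].startswith("+")  # "+": recursion requested
        records.append(rec)
    return records, skipped

def summarize(records):
    """Per-client query count, query types and distinct names asked for."""
    out = defaultdict(lambda: {"count": 0, "qtypes": Counter(), "names": set()})
    for r in records:
        c = out[r["ip"]]
        c["count"] += 1
        c["qtypes"][r["qtype"]] += 1
        c["names"].add(r["name"].lower().rstrip("."))
    return dict(out)

if __name__ == "__main__":
    recs, skipped = parse_queries(SAMPLE)
    for ip, s in sorted(summarize(recs).items()):
        print(ip, s["count"], dict(s["qtypes"]), sorted(s["names"]))
    print("non-query lines skipped:", skipped)
```

To run it against the real file, pass the contents of /var/log/named.log to parse_queries() in place of SAMPLE.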