====== Ubuntu - Bind - Logging ======
The two main logging options are **channel** and **category**, which configure where logs go and what information gets logged, respectively.
If no logging options are configured, the default configuration is:
<code>
logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
};
</code>
**NOTE:** BIND 9 Channels:
A channel may be defined to go to:
  * **file** The file pathname must be specified. Optionally, you can specify how many versions of the file can exist at one time and how big the file may grow.
  * **syslog** Sends messages to syslog.
  * **null** For messages you want to throw away.
**NOTE:** categories are:
  * **default** BIND 9's default category matches all categories not specifically assigned to channels. It doesn't match BIND's messages that aren't categorized; those are part of the category listed next.
  * **general** The general category contains all of the BIND messages that aren't explicitly classified.
  * **client** Processing client requests.
  * **config** Configuration file parsing and processing.
  * **database** Messages relating to BIND's internal database; used to store zone data and cache records.
  * **dnssec** Processing DNSSEC-signed responses.
  * **lame-servers** Detection of bad delegation (re-added in BIND 9.1.0; before that, lame server messages were logged to resolver).
  * **network** Network operations.
  * **notify** Asynchronous zone change notifications.
  * **queries** Query logging (added in BIND 9.1.0).
  * **resolver** Name resolution, including the processing of recursive queries from resolvers.
  * **security** Approved/unapproved requests.
  * **update** Dynamic update events.
  * **xfer-in** Zone transfers from remote name servers to the local name server.
  * **xfer-out** Zone transfers from the local name server to remote name servers.
----
===== File Channel =====
<code>
logging {
    channel my_file {
        file "log.msgs" versions 3 size 10k;
        severity dynamic;
    };
};
</code>
----
===== Syslog Channel =====
<code>
logging {
    channel my_syslog {
        syslog local0;   // send to syslog's local0 facility
        severity info;   // only send severity info and higher
    };
};
</code>
**NOTE:** The **facility** can be any of the following: kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local0, local1, local2, local3, local4, local5, local6, or local7.
The default is **daemon**, which is the recommended option.
**NOTE:** Channels allow you to filter by message severity. Here is the list of **severities**:
  * critical
  * error
  * warning
  * notice
  * info
  * debug [level]. The debug option can be set from 1 to 3. If a level isn't specified, level 1 is the default.
  * dynamic
----
===== Configure BIND9 to send debug messages related to DNS queries to a separate file =====
We need to configure a **channel** to specify which file to send the messages to, and a **category**.
In this example, the category will log all queries.
Edit /etc/bind/named.conf.local and add the following:
<code>
logging {
    channel query.log {
        file "/var/log/named/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};
</code>
Since the named daemon runs as the bind user, the **/var/log/named** directory must be created and its ownership changed:
<code>
sudo mkdir /var/log/named
sudo chown bind:bind /var/log/named
</code>
Restart BIND9 for the changes to take effect:
<code>
sudo systemctl restart bind9.service
</code>
You should see the file **/var/log/named/query.log** fill with query information.
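As an added example (not part of the original page or of BIND itself), the following Python script summarises a query log like the one configured above by client address and record type, which is a quick way to review who is querying the server. The line layout encoded in the regular expression is an assumption that differs slightly between BIND versions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of a "queries" category line (differs slightly by BIND version):
#   client [@0xADDR] IP#PORT (NAME): [view V: ]query: NAME CLASS TYPE FLAGS (SERVER)
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\([^)]*\): (?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

# Constructed sample lines using documentation addresses, not real server output.
SAMPLE = """\
client @0x7f3a1c0d8e50 192.0.2.10#53124 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.53)
client @0x7f3a1c0d9a10 192.0.2.10#40211 (example.com): query: example.com IN MX + (192.0.2.53)
17-Mar-2024 10:15:02.118 client 2001:db8::7#5353 (example.org): view internal: query: example.org IN AAAA -E(0) (2001:db8::53)
client @0x7f3a1c0da220 192.0.2.44#39001 (example.net): query: example.net IN ANY + (192.0.2.53)
zone example.com/IN: loaded serial 2024031701
"""


def parse_line(line):
    """Return a dict for a query line, or None for anything else."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    # The flags field starts with '+' when the client asked for recursion.
    rec["recursion_desired"] = rec["flags"].startswith("+")
    return rec


def summarise(text):
    """Count queries per client and per record type; count unparsed lines."""
    clients, qtypes, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        clients[rec["client"]] += 1
        qtypes[rec["qtype"]] += 1
    return clients, qtypes, skipped


if __name__ == "__main__":
    clients, qtypes, skipped = summarise(SAMPLE)
    print("queries per client:", clients.most_common())
    print("queries per type:  ", qtypes.most_common())
    print("lines not parsed:  ", skipped)
```

To run it against the real log, pass the contents of **/var/log/named/query.log** to ''summarise()'' in place of the constructed sample.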
**NOTE:** This is a simple example of the BIND9 logging options.
For coverage of advanced options see [[https://ubuntu.com/server/docs/service-domain-name-service-dns#heading--dns-more-info|More Information]].
----