Ping a Specific Port

Question

Eddy

Asked: 2009-09-17 07:16:03 +0800 CST2009-09-17 07:16:03 +0800 CST 2009-09-17 07:16:03 +0800 CST

Separate log setting per view in bind?

772

I setup a view in bind to provide different results for VPN users but I do not provide other queries so that non-vpn queries will fail and route back to their internal network dns server(s). It is working fine but I'm getting tired of all the query "denied" messages filling up the syslog.

I tried putting a logging { }; section within the view but bind complained. Any thoughts on how I can separate the security messages out for this particular view?

3 Answers

Voted

I like pie · Answer 1 · 2010-07-08T01:51:54+08:00

I like pie

2010-07-08T01:51:54+08:002010-07-08T01:51:54+08:00

It's not possible to specify a logging statement per view. However, if you use syslog logging with syslog-ng you can filter out the messages by using a filter.

filter f_no_named_denied {
   not match (regex for the message here);
};

Then apply this filter to whichever rule that you use for DNS logs.

2

Greeblesnort · Answer 2 · 2009-09-17T18:25:36+08:00

here's my setup (in named.options.conf and loaded with an include):

logging {
        channel default_syslog {
                // Send most of the named messages to syslog.
                syslog local2;
                severity debug; 
        };

        channel audit_log {
                // Send the security related messages to a separate file.
                file "/var/named/system/named.log";
                severity debug;
                print-time yes; 
        };

        channel null {
                null;
        };

        category default { default_syslog; };
        category general { default_syslog; };
        category security { audit_log; default_syslog; };
        category config { default_syslog; };
        category resolver { audit_log; };
        category xfer-in { audit_log; };
        category xfer-out { audit_log; };
        category notify { audit_log; };
        category client { audit_log; };
        category network { audit_log; };
        category update { audit_log; };
        category queries { audit_log; };
        category lame-servers { null; }; 

};

If you use this method, make sure to rotate this file, or it will grow to pretty massive proportions.

kashani · Answer 3 · 2009-10-21T15:49:20+08:00

You can do everything within Bind itself rather than syslog. I use this config on all my Bind 9 DNS servers. Just insert the following lines into your named.conf, run named-checkconf to make sure it the syntax is good, and restart Bind. Once you're sure it's working you can start messing with the severity settings and other parts. I think a reload of Bind should pick up the changes.

logging {
  channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
  channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes;
};

Separate log setting per view in bind?

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?