logging 설정시 BIND 버전에 따라 제공되는 옵션값들이 다릅니다.
일부 버전(BIND 9.2.4 등)은 없는 옵션이 있을 때 오류가 생겨 데몬이 안 뜨니 주의하세요!!
logging 때문에 데몬이 안 뜰 시 logging 관련 옵션 에러가 나오는 것을 삭제하고 데몬을 띄워주시면 됩니다.
BIND 9.3.4-P1은 데몬은 잘 뜸. 특정 로그는 버전에 따라 달라 로그가 남지 않습니다. (ignore됨)
1. named.conf 설정예제 - logging부분은 필요시만 설정하세요
[@ns2 etc]$ more named.conf
// Set up our ACLs
acl "xfer" {
// Hosts permitted to pull zone transfers (AXFR/IXFR). Deliberately
// empty: the global allow-transfer in options references this ACL,
// so by default no host may transfer any zone. The slave zone at
// the bottom of the file overrides this with its own explicit list.
none; // Allow no transfers. If we have other
// name servers, place them here.
};
acl "trusted" {
// Local / administrative networks plus loopback. Intended for
// restricting who may use this server (see the commented-out
// "trusted" entry under allow-query in options).
200.1.1.0/24;
192.168.0.0/24;
127.0.0.1;
};
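options {
// Working directory; relative "file" paths in zone statements
// (master/..., slave/...) resolve against it.
directory "/var/named";
// pid-file "/var/named/named.pid";
// statistics-file "/var/named/named.stats";
// memstatistics-file "/var/named/named.memstats";
//dump-file "/var/named/named.dump";
// Hide the real BIND version from version.bind CHAOS queries.
version "No!!";
// query-source address * port 53;
// Prevent DoS attacks by generating bogus zone transfer
// requests. This will result in slower updates to the
// slave servers (e.g. they will await the poll interval
// before checking for updates).
notify no;
// Generate more efficient zone transfers. This will place
// multiple DNS records in a DNS message, instead of one per
// DNS message.
transfer-format many-answers;
// Set the maximum zone transfer time to something more
// reasonable. In this case, we state that any zone transfer
// that takes longer than 60 minutes is unlikely to ever
// complete. WARNING: If you have very large zone files,
// adjust this to fit your requirements.
max-transfer-time-in 60;
// We have no dynamic interfaces, so BIND shouldn't need to
// poll for interface state {UP|DOWN}.
interface-interval 0;
allow-transfer {
// Zone transfers limited to members of the
// "xfer" ACL (empty, i.e. nobody, unless a zone overrides it).
xfer;
};
allow-query {
// Accept queries from anyone: the master zones below are
// authoritative data that the whole Internet must be able to
// look up. Restricting this to "trusted" instead would require
// allow-query { any; }; on every zone that is meant to be public.
//trusted;
any;
};
// This server also carries the root hints (zone "." below), so it
// resolves recursively. With allow-query { any; } and no
// allow-recursion statement, BIND would recurse for every client on
// the Internet -- an open resolver, which invites cache pollution
// and reflection/amplification abuse. Limit recursion to the local
// networks; authoritative answers are still served to everyone.
allow-recursion {
trusted;
};
blackhole {
// Packets from these addresses are ignored entirely (no response).
// The "bogon" ACL named in the original template is not defined in
// this file and stays commented out; only the single host is active.
// bogon;
203.237.102.12;
};
};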
logging {
// One file channel per category, all under /var/named/log (step 2
// of this page creates that directory under the chroot). Every
// channel runs at "severity debug" with category, severity and
// timestamp prefixes, so these files grow quickly; the queries
// channel in particular writes an entry per received query
// (rotated at 30m, 5 old versions kept; others rotate at 20m,
// 3 old versions).
// Categories parser, statistics, panic, ncache, db, eventlib,
// packet, cname, os, insist, maintenance, response-checks and load
// are absent from the BIND 9.6.1 variant in section 3 and are the
// likely cause of the version-dependent startup failures described
// at the top of the page.
channel "__default_syslog" {
// Send most of the named messages to syslog.
// NOTE: no category statement below references this channel, so
// with this config nothing is actually routed to syslog.
syslog local2; // ( kern | user | mail | daemon | auth |
// syslog | lpr | new | uucp | cron |
// authpriv | ftp | local0 | local1 |
// local2 | local3 | local4 | local5 |
// local6 | local7 )
severity debug; // ( critical | error | warning | notice |
// info | debug [ level ] | dynamic )
};
//
// log channel list -- "versions N size M" rotates the file at size
// M and keeps N old copies; ch_default.log has no limit and grows
// until rotated externally.
//
channel ch_default_log {
file "/var/named/log/ch_default.log";
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_config_log {
file "/var/named/log/ch_config.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_parser_log {
file "/var/named/log/ch_parser.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_queries_log {
// Highest-volume channel: one line per query when the queries
// category is enabled.
file "/var/named/log/ch_queries.log" versions 5 size 30m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_lame-servers_log {
file "/var/named/log/ch_lame-servers.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_statistics_log {
file "/var/named/log/ch_statistics.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_panic_log {
file "/var/named/log/ch_panic.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_update_log {
file "/var/named/log/ch_update.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_ncache_log {
file "/var/named/log/ch_ncache.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-in_log {
file "/var/named/log/ch_xfer-in.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-out_log {
file "/var/named/log/ch_xfer-out.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_db_log {
file "/var/named/log/ch_db.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_eventlib_log {
file "/var/named/log/ch_eventlib.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_packet_log {
file "/var/named/log/ch_packet.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_notify_log {
file "/var/named/log/ch_notify.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_cname_log {
file "/var/named/log/ch_cname.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_security_log {
// Approval/denial of requests (ACL decisions) -- the channel to
// watch for rejected transfers, updates and queries.
file "/var/named/log/ch_security.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_os_log {
file "/var/named/log/ch_os.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_insist_log {
file "/var/named/log/ch_insist.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_maintenance_log {
file "/var/named/log/ch_maintenance.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_load_log {
file "/var/named/log/ch_load.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_response-checks_log {
file "/var/named/log/ch_response-checks.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Category -> channel routing. Anything not listed explicitly falls
// into "default".
category default { ch_default_log; };
category config { ch_config_log; };
category parser { ch_parser_log; };
category queries { ch_queries_log; };
category lame-servers { ch_lame-servers_log; };
category statistics { ch_statistics_log; };
category panic { ch_panic_log; };
category update { ch_update_log; };
category ncache { ch_ncache_log; };
category xfer-in { ch_xfer-in_log; };
category xfer-out { ch_xfer-out_log; };
category db { ch_db_log; };
category eventlib { ch_eventlib_log; };
category packet { ch_packet_log; };
category notify { ch_notify_log; };
category cname { ch_cname_log; };
category security { ch_security_log; };
category os { ch_os_log; };
category insist { ch_insist_log; };
category maintenance { ch_maintenance_log; };
category response-checks { ch_response-checks_log; };
category load { ch_load_log; };
};
// a caching only nameserver config
zone "." {
// Root hints used when this server resolves names recursively.
// Path is relative to options.directory (/var/named).
type hint;
file "master/db.cache";
};
zone "0.0.127.in-addr.arpa" IN {
// Reverse zone for loopback, served authoritatively from a local
// file (relative to options.directory).
type master;
file "master/db.127.0.0";
};
zone "175.103.210.in-addr.arpa" {
// NOTE(review): a slave zone needs a masters { ...; }; statement
// naming the server it pulls the zone from; none is given here, and
// BIND 9 refuses to load a slave zone without one.
type slave;
file "slave/db.210.103.175";
// The ISP must be able to transfer this zone from us; the
// delegation for this address block only reaches the ISP.
// A zone-level allow-transfer replaces the global one (xfer = none),
// so exactly these three hosts may request AXFR/IXFR of this zone.
allow-transfer { 203.255.112.34; 203.255.112.4; 200.1.1.1; };
// Overrides the global "notify no" for this zone only.
notify yes;
};
2. dns로그 남기는 디렉토리 추가하기
# cd /var/named/chroot/var/named
# mkdir log
# chown named.named log
# service named restart
로컬 호스트
[root@ps2 root# chkconfig --list | grep nscd
nscd 0:해제 1:해제 2:해제 3:해제 4:해제 5:해제 6:해제
3. Centos 5.3 에 BIND 9.6.1-P1에서의 가능한 logging 설정예
logging {
// Trimmed version of the section-1 logging block for BIND 9.6.1:
// only category names that exist in BIND 9 are routed, so named
// starts without the "unknown option" failures noted at the top of
// the page. All channels still run at "severity debug"; the
// queries channel writes an entry per query, so watch disk usage.
channel "__default_syslog" {
// Send most of the named messages to syslog.
// NOTE: not referenced by any category statement below, so nothing
// is actually routed to syslog by this config.
syslog local2; // ( kern | user | mail | daemon | auth |
// syslog | lpr | new | uucp | cron |
// authpriv | ftp | local0 | local1 |
// local2 | local3 | local4 | local5 |
// local6 | local7 )
severity debug; // ( critical | error | warning | notice |
// info | debug [ level ] | dynamic )
};
//
// log channel list -- "versions N size M" rotates at size M and keeps
// N old copies; ch_default.log has no size limit.
//
channel ch_default_log {
file "/var/named/log/ch_default.log";
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_config_log {
file "/var/named/log/ch_config.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_queries_log {
// Highest-volume channel: one line per query.
file "/var/named/log/ch_queries.log" versions 5 size 30m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_lame-servers_log {
file "/var/named/log/ch_lame-servers.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_statistics_log {
// NOTE: defined but no category below routes to it (the statistics
// category from section 1 was dropped), so this file stays empty.
file "/var/named/log/ch_statistics.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_update_log {
file "/var/named/log/ch_update.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-in_log {
file "/var/named/log/ch_xfer-in.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_xfer-out_log {
file "/var/named/log/ch_xfer-out.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_notify_log {
file "/var/named/log/ch_notify.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
channel ch_security_log {
// Approval/denial of requests (ACL decisions) -- the channel to
// watch for rejected transfers, updates and queries.
file "/var/named/log/ch_security.log" versions 3 size 20m;
severity debug;
print-category yes;
print-severity yes;
print-time yes;
};
// Category -> channel routing; anything not listed falls into
// "default".
category default { ch_default_log; };
category config { ch_config_log; };
category queries { ch_queries_log; };
category lame-servers { ch_lame-servers_log; };
category update { ch_update_log; };
category xfer-in { ch_xfer-in_log; };
category xfer-out { ch_xfer-out_log; };
category notify { ch_notify_log; };
category security { ch_security_log; };
};