How To Log DNS Server Activity?


How to log DNS server activity?
Ans : Sometimes you need DNS server activity logged to a file so that you can later analyze what the server is doing and whether it is resolving queries correctly. rndc is the command to use for DNS server activity logging. To turn query logging on, execute the command below (you have to do this as the root user):
#rndc querylog
Note : When you execute the above command, DNS server activity is logged to the server's /var/log/messages file.

Example output of the clipped log file
bash-2.05b# /usr/sbin/rndc querylog
bash-2.05b# tail -f /var/log/messages
Nov 18 18:00:16 ns1.abc.in named[29413]: query logging is now on
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.34#43071: query: abc.co.in IN MX
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.6#43587: query: smtp.abc.co.in IN A
Nov 18 18:00:19 ns1.abc.in named[29413]: client 82.8.211.193#19305: query: MX2.abc.co.in IN A
Nov 18 18:00:20 ns1.abc.in named[29413]: client 200.49.130.26#4111: query: abc.co.in IN MX
Nov 18 18:00:21 ns1.abc.in named[29413]: client 212.24.128.8#46547: query: abc.co.in IN MX
Nov 18 18:00:22 ns1.abc.in named[29413]: client 200.75.51.132#26540: query: MX2.abc.co.in IN A
To stop DNS query logging, execute the command below:
#rndc querylog
Note : This is the same command that started the logging. It works the way a walkie-talkie does: you press the same button for both the on and off operations.
Example output of how it is stopped
bash-2.05b# /usr/sbin/rndc querylog
bash-2.05b# tail -f messages
Nov 18 18:08:53 ns1.abc.com named[29413]: client 200.12.232.4#60450: query: abc.co.in IN MX
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#39027: query: ns1.abc.co.in IN A
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#10163: query: ns1.abc.co.in IN A
Nov 18 18:09:00 ns1.abc.com named[29413]: client 88.156.63.9#3661: query: abc.co.in IN MX
Nov 18 18:09:00 ns1.abc.com named[29413]: client 89.2.2.146#44622: query: abc.co.in IN MX
Nov 18 18:09:05 ns1.abc.com named[29413]: client 203.199.147.5#14678: query: cmex01.clairmail.local.intranet.abc.co.in IN A
Nov 18 18:09:06 ns1.abc.com named[29413]: client 117.98.17.34#1766: query: abc.co.in IN MX
Nov 18 18:09:06 ns1.abc.com named[29413]: client 203.119.8.106#28142: query: abc.co.in IN MX
Nov 18 18:09:11 ns1.abc.com named[29413]: client 217.171.113.9#4861: query: MX2.abc.co.in IN A
Nov 18 18:09:11 ns1.abc.com named[29413]: query logging is now off
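
Because the same command both starts and stops logging, the log itself is the record of which state the server was left in. The script below is an added example, not part of the original post: it reads syslog lines in the format shown above, reports the state set by the last toggle message, and counts queries per client. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the log format shown on this page.
# Addresses and names are placeholders, not real clients.
sample_log() {
cat <<'EOF'
Nov 18 18:00:16 ns1.example named[29413]: query logging is now on
Nov 18 18:00:18 ns1.example named[29413]: client 192.0.2.34#43071: query: example.test IN MX
Nov 18 18:00:18 ns1.example named[29413]: client 192.0.2.6#43587: query: smtp.example.test IN A
Nov 18 18:00:19 ns1.example named[29413]: client 192.0.2.34#19305: query: mx2.example.test IN A
Nov 18 18:00:21 ns1.example named[29413]: query logging is now off
Nov 18 18:05:02 ns1.example named[29413]: query logging is now on
Nov 18 18:05:03 ns1.example named[29413]: client 198.51.100.9#4111: query: example.test IN MX
EOF
}

# Print "on", "off" or "unknown": the state left by the last toggle message.
# Field layout assumed: month day time host named[pid]: message...
querylog_state() {
    awk '$6 == "query" && $7 == "logging" && $9 == "now" { state = $10 }
         END { print (state == "" ? "unknown" : state) }'
}

# Print "count client-ip" for every querying client, busiest first.
queries_per_client() {
    awk '$6 == "client" && $8 == "query:" {
             split($7, a, "#")   # $7 looks like ip#port:
             n[a[1]]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a server, feed /var/log/messages instead:
#   querylog_state < /var/log/messages
echo "query logging: $(sample_log | querylog_state)"
sample_log | queries_per_client
```

"unknown" means no toggle message is present in the input, for example after log rotation, so the state has to be confirmed on the server itself before running rndc querylog again.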
Some FAQs:
1. Is it advisable to restart a production DNS server?
Ans : No. Never try to restart a production DNS server without prior notice from your higher officials.
2. Then how can I apply changes I have made to the DNS server?
Ans :
You can use the rndc command to apply the changes to the DNS server.
3. How do I load updated zone file entries into the DNS server without restarting the named/bind server?
Ans :
We can do it by using the rndc command:
#rndc reload
4. How do I reload the named.conf file without restarting the DNS server?
Ans :
#rndc reconfig
The Linux Juggernaut | Copyright 2006-2009 Surendra Kumar Anne