BIND logging | BIND 9.5.x


Category Description
default The default category defines the logging options for those categories where no specific configuration has been defined.
general The catch-all. Many things still aren't classified into categories, and they all end up here.
database Messages relating to the databases used internally by the name server to store zone and cache data
security Approval and denial of requests.
config Configuration file parsing and processing.
resolver DNS resolution, such as the recursive lookups performed on behalf of clients by a caching name server.
xfer-in Zone transfers the server is receiving.
xfer-out Zone transfers the server is sending.
notify The NOTIFY protocol.
client Processing of client requests.
unmatched Messages that named was unable to determine the class of or for which there was no matching view.
A one-line summary is also logged to the client category.
This category is best sent to a file or stderr; by default it is sent to the null channel.
network Network operations.
update Dynamic updates.
update-security Approval and denial of update requests.
queries Specify where queries should be logged to.
At startup, specifying the category queries will also enable query logging unless the querylog option has been specified.
The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), if the query was signed (S), EDNS was in use (E), if DO (DNSSEC Ok) was set (D), or if CD (Checking Disabled) was set (C).
client 127.0.0.1#62536: query: www.example.com IN AAAA +SE
client ::1#62537: query: www.example.net IN AAAA -SE
query-errors Information about queries that resulted in some failure.
dispatch Dispatching of incoming packets to the server modules where they are to be processed.
dnssec DNSSEC and TSIG protocol processing.
lame-servers Lame servers. These are misconfigurations in remote servers, discovered by BIND 9 when trying to query those servers during resolution.
delegation-only Delegation only. Logs queries that have been forced to NXDOMAIN as the result of a delegation-only zone or a delegation-only in a hint or stub zone declaration.
edns-disabled Log queries that have been forced to use plain DNS due to timeouts. This is often due to the remote servers not being RFC 1034 compliant (not always returning FORMERR or similar to EDNS queries and other extensions to the DNS when they are not understood). In other words, this is targeted at servers that fail to respond to DNS queries that they don't understand.
Note: the log message can also be due to packet loss. Before reporting servers for non-RFC 1034 compliance they should be re-tested to determine the nature of the non-compliance. This testing should prevent or reduce the number of false-positive reports.
Note: eventually named will have to stop treating such timeouts as due to RFC 1034 non-compliance and start treating them as plain packet loss. Falsely classifying packet loss as due to RFC 1034 non-compliance impacts DNSSEC validation, which requires EDNS for the DNSSEC records to be returned.

BIND Logging Configuration

logging {

    //
    // =========================
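    // 1. Default log channels
    // =========================
    // The log directory must already exist and be writable by the
    // account named runs as; named does not create it.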
    channel default_log {
        file "/etc/bind/log/default.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel debug_log {
        file "/etc/bind/log/debug.log" versions 3 size 20m;
        severity dynamic;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 2. Main operational logs
    // =========================
    //
    channel general_log {
        file "/etc/bind/log/general.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel security_log {
        file "/etc/bind/log/security.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel client_log {
        file "/etc/bind/log/client.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 3. Query / Resolver
    // =========================
    //
    channel queries_log {
        file "/etc/bind/log/queries.log" versions 50 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel query_errors_log {
        file "/etc/bind/log/query-errors.log" versions 5 size 20m;
        severity dynamic;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel resolver_log {
        file "/etc/bind/log/resolver.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 4. Zone / Transfer
    // =========================
    //
    channel zoneload_log {
        file "/etc/bind/log/zoneload.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel xfer_in_log {
        file "/etc/bind/log/xfer-in.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel xfer_out_log {
        file "/etc/bind/log/xfer-out.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel notify_log {
        file "/etc/bind/log/notify.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 5. DNSSEC / Security
    // =========================
    //
    channel dnssec_log {
        file "/etc/bind/log/dnssec.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel rate_limit_log {
        file "/etc/bind/log/rate-limit.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 6. Updates / DDNS
    // =========================
    //
    channel update_log {
        file "/etc/bind/log/update.log" versions 5 size 20m;
        severity dynamic;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel update_security_log {
        file "/etc/bind/log/update-security.log" versions 5 size 20m;
        severity dynamic;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // 7. Miscellaneous (enable as needed)
    // =========================
    //
    channel database_log {
        file "/etc/bind/log/database.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    channel rpz_log {
        file "/etc/bind/log/rpz.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    //
    // =========================
    // Category mapping
    // =========================
    //
    category default        { default_log; debug_log; };
    category general        { general_log; };
    category security       { security_log; };
    category client         { client_log; };

    category queries        { queries_log; };
    category query-errors   { query_errors_log; };
    category resolver       { resolver_log; };

    category zoneload       { zoneload_log; };
    category notify         { notify_log; };
    category xfer-in        { xfer_in_log; };
    category xfer-out       { xfer_out_log; };

    category dnssec         { dnssec_log; };
    category rate-limit     { rate_limit_log; };

    category update         { update_log; };
    category update-security { update_security_log; };

    category database       { database_log; };
    category rpz            { rpz_log; };
};
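
As an added example (not part of the original post and not BIND's own code), the following Python parses lines as written by the queries_log channel above, including the prefix produced by print-time, print-category and print-severity, and decodes the flag field described for the queries category. The sample lines are constructed, and the optional "view" field is an assumption for servers that use views.

```python
import re
from collections import Counter

# Flag letters listed in the queries category description.
FLAG_NAMES = {"S": "signed", "E": "edns", "D": "dnssec_ok", "C": "checking_disabled"}

LINE_RE = re.compile(
    r"^(?:(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) )?"  # print-time
    r"(?:queries: )?"                       # print-category
    r"(?:(?P<severity>[a-z]+): )?"          # print-severity
    r"client (?P<ip>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?"            # assumption: only present when views are used
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def parse_query_line(line):
    """Return a dict for one query log line, or None if it is not a query entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    flags = rec.pop("flags")
    rec["recursion_desired"] = flags[0] == "+"   # "+" set, "-" not set
    for letter, name in FLAG_NAMES.items():
        rec[name] = letter in flags[1:]
    return rec

def count_by_client(lines):
    """Count query entries per client IP; lines that do not parse are skipped."""
    records = (parse_query_line(line) for line in lines)
    return Counter(r["ip"] for r in records if r is not None)

# Constructed sample lines (not real traffic).
SAMPLE = [
    "28-Jan-2025 10:15:02.123 queries: info: client 127.0.0.1#62536: query: www.example.com IN AAAA +SE",
    "28-Jan-2025 10:15:02.456 queries: info: client ::1#62537: query: www.example.net IN AAAA -SE",
    "28-Jan-2025 10:15:03.001 queries: info: client 192.0.2.10#40000: view internal: query: example.org IN DNSKEY +EDC",
    "client 192.0.2.10#40001: query: example.org IN A +",
    "28-Jan-2025 10:15:04.000 general: info: zone example.org/IN: loaded serial 1",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_query_line(sample_line))
    print(count_by_client(SAMPLE))
```
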

 

Reference URLs

- BIND 9 Documentation : BIND Logging

- zytrax.open : DNS BIND9 logging Clause

 
