Bind Compatible DNS Query Logging
This document (7014736) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 10
Situation
Resolution
The query log output is written to /var/opt/<xxxxxx>/log/named/named.run on OES and to /var/log/messages on SLES.
For example:
Turn on logging by typing rndc querylog at the console.
Typing rndc querylog again will turn it off.
Typing rndc querylog again will turn it on.
With logging turned on, send a query to the DNS server, for example a query for bogus.com.
Turn logging off with another rndc querylog command.
After doing this test I looked in the /var/opt/<xxxxxx>/log/named/named.run file of a test server running OES2 SP3 and found the following:
13-Mar-2014 13:39:07.015 general: server: info: query logging is now on
13-Mar-2014 13:40:46.870 general: server: info: query logging is now off
13-Mar-2014 13:41:15.558 general: server: info: query logging is now on
13-Mar-2014 13:42:10.431 queries: query: info: client 151.155.213.242#33575: query: bogus.com IN A +
13-Mar-2014 13:45:18.179 general: server: info: query logging is now off
Other messages are logged to this file as well.
To collect just the queries in their own file, run a simple grep command like the following:
grep -i "query:" /var/opt/<xxxxxx>/log/named/named.run >> dnsqueries.log
Then view dnsqueries.log with vi or cat. Because >> appends to the file, running the grep again adds the same lines a second time.
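As an added example (not part of the original SUSE document), the shell functions below go a step beyond the grep: they split each query line into tab-separated fields, count queries per client and name, and list the querylog on/off toggles so periods without query visibility can be seen. The function names and the sample log lines are constructed for illustration, and the log layout is assumed to match the sample shown above.

```shell
#!/bin/sh
# Added example: parse BIND query-log lines in the layout shown in the sample:
#   <date> <time> queries: query: info: client <ip>#<port>: query: <name> IN <type> <flags>
export LC_ALL=C

# Constructed sample log (documentation addresses and names, not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
13-Mar-2014 13:41:15.558 general: server: info: query logging is now on
13-Mar-2014 13:42:10.431 queries: query: info: client 192.0.2.10#33575: query: bogus.example IN A +
13-Mar-2014 13:42:11.002 queries: query: info: client 192.0.2.10#33576: query: Bogus.example IN A +
13-Mar-2014 13:42:12.120 queries: query: info: client 192.0.2.20#40112: query: www.example.com IN AAAA +
13-Mar-2014 13:45:18.179 general: server: info: query logging is now off
EOF
}

# extract_queries FILE -> "date time", client IP, qname, qtype, flags (tab-separated)
extract_queries() {
    awk '{
        c = 0; q = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "client" && !c) c = i
            else if ($i == "query:" && c && i > c + 1) { q = i; break }
        }
        if (!c || !q || q + 3 > NF) next          # not a complete query line
        ip = $(c + 1); sub(/#[0-9]+:?$/, "", ip)  # drop the "#port:" suffix
        printf "%s %s\t%s\t%s\t%s\t%s\n", $1, $2, ip, tolower($(q + 1)), $(q + 3), $(q + 4)
    }' "$1"
}

# top_talkers FILE -> count, client IP, qname, qtype; busiest first
top_talkers() {
    extract_queries "$1" | awk -F '\t' '
        { n[$2 "\t" $3 "\t" $4]++ }
        END { for (k in n) printf "%d\t%s\n", n[k], k }' |
    sort -t "$(printf '\t')" -k1,1nr -k2
}

# logging_toggles FILE -> "date time", on|off for each rndc querylog toggle,
# so windows with no query visibility can be identified
logging_toggles() {
    awk '/query logging is now (on|off)$/ { printf "%s %s\t%s\n", $1, $2, $NF }' "$1"
}

# Demo run against the constructed sample.
log=$(mktemp) && write_sample_log "$log" && top_talkers "$log" && logging_toggles "$log"
rm -f "$log"
```

To use it on a real server, pass the named.run path (or /var/log/messages on SLES) to top_talkers or logging_toggles instead of the sample file.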
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7014736
- Creation Date: 13-Mar-2014
- Modified Date: 14-Mar-2021
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com