SUSE Support

Here When You Need Us

Bind Compatible DNS Query Logging

This document (7014736) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
 

Situation

How to turn on Bind compatible DNS query logging

Resolution

The command to toggle logging on and off is: rndc querylog

 

The logging will be sent to /var/opt/<xxxxxx>/log/named/named.run on OES and /var/log/messages on SLES.

For Example:

Turn on logging by typing rndc querylog at the console.

Typing rndc querylog again will turn it off.

Typing rndc querylog again will turn it on

Now with it turned on send a query to the DNS server.  For example: bogus.com.

Turn logging off  with another rndc querylog command.

 

After doing this test I looked in the /var/opt/<xxxxxx>/log/named/named.run file of a test server running OES2 SP3 and found the following:

 

13-Mar-2014 13:39:07.015 general: server: info: query logging is now on

13-Mar-2014 13:40:46.870 general: server: info: query logging is now off

13-Mar-2014 13:41:15.558 general: server: info: query logging is now on

13-Mar-2014 13:42:10.431 queries: query: info: client 151.155.213.242#33575: query: bogus.com IN A +

13-Mar-2014 13:45:18.179 general: server: info: query logging is now off

 

There are other things being logged to this log file.

To just see the queries in their own file you can do a simple grep command like the following:

grep -i "query:" /var/opt/<xxxxxx>/log/named/named.run >> dnsqueries.log

Then use vi or cat on the dnsqueries.log

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7014736
  • Creation Date: 13-Mar-2014
  • Modified Date:14-Mar-2021
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.