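Querying DNS server logs on Linux: configuring DNS server logging on RedHat 5.3, with successful verification

Note: the configuration part is reposted; I added a worked example afterwards to verify it, and it did succeed.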

By default, named's query logging is turned off. You can check this with rndc status, as shown below:

# rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100

Use rndc querylog to turn named's query logging on, as shown below:

# rndc querylog
# rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

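Next, create a file called named.log in the /var/named/chroot/var/named directory. The file name is arbitrary. Once it is created, set its ownership and permissions, as shown below:

# chown named.named /var/named/chroot/var/named/named.log
# chmod 755 /var/named/chroot/var/named/named.log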

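If you have SELinux enabled, you also need to set the corresponding permissions. If SELinux is in enforcing mode and you apply the setting below, the system reports that named has no permission to access the named.log file. No matter what I changed, it still reported no permission. In the end I switched SELinux to permissive mode, and named's information was written to named.log, but SELinux still warned me to fix the file's permissions with restorecon -v "./named.log". After I ran the restorecon command, that warning still appeared. How to solve this is left for later; if you have a good suggestion, please share it. The result is as follows: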

#chcon -u system_u named.log

That completes the setup for this file. Next, configure /etc/named.conf by adding the following to it:

logging {
    channel default_syslog { syslog local2; severity error; };
    channel audit_log {
        file "named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { audit_log; };
    category general { audit_log; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};

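Restart your named process, and from then on your DNS information will appear in this file!

This article comes from the ChinaUnix blog; to view the original, go to: http://blog.chinaunix.net/u1/36549/showart_1006860.html

****************************************************************

The following example is one I added based on the theory above, and it did succeed.

1: My DNS configuration file /etc/named.conf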

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Those options should be used carefully because they disable port
    // randomization
    // query-source    port 53;
    // query-source-v6 port 53;
    allow-query     { any; };
};
#logging {
#        channel default_debug {
#                file "data/named.run";
#               severity dynamic;
#        };
#};
logging {
    channel default_syslog { syslog local2; severity error; };
    channel audit_log {
        file "named.log" versions 3 size 20m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default { audit_log; };
    category general { audit_log; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};
view localhost_resolver {
    match-clients      { any; };
    match-destinations { any; };
    recursion yes;
    include "/etc/named.rfc1912.zones";
};

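***** The part highlighted in blue in the original post (the active logging block) is the logging configuration *****

2: Querying

To make the log file easy to find and manage, I keep everything under /var/log, so I created a symbolic link:

ln -s /var/named/chroot/var/named/named.log /var/log/named.log

Take a look: /var/log/named.log is empty, there is nothing in it.

[root@www log]# tail named.log
[root@www log]# pwd
/var/log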

To verify, query Baidu:

[root@www /]#dig
[root@www log]# dig
; <<>> DiG 9.3.4-P1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER
;; QUESTION SECTION:
; IN      A
;; ANSWER SECTION:
.          547     IN      CNAME   .
.       600     IN      A       119.75.213.61
.       600     IN      A       119.75.216.30
;; AUTHORITY SECTION:
a.shifen.com.           85758   IN      NS      ns1.a.shifen.com.
a.shifen.com.           85758   IN      NS      ns3.a.shifen.com.
a.shifen.com.           85758   IN      NS      ns5.a.shifen.com.
a.shifen.com.           85758   IN      NS      ns6.a.shifen.com.
;; Query time: 66 msec
;; SERVER: 192.168.1.112#53(192.168.1.112)
;; WHEN: Fri Jun 19 14:54:05 2009
;; MSG SIZE  rcvd: 162

Now look at /var/log/named.log again:

[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: IN A +

There is now a log record.

Now a local lookup:

[root@www log]# nslookup
>
Server:         192.168.1.112
Address:        192.168.1.112#53
Name:
Address: 192.168.1.112
> 192.168.1.112
Server:         192.168.1.112
Address:        192.168.1.112#53
112.1.168.192.in-addr.arpa      name = .
>

The local lookups are recorded too.

Look at /var/log/named.log again:

[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: IN A +
19-Jun-2009 14:55:18.607 queries: client 192.168.1.112#57028: view localhost_resolver: query: IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +

Check whether /var/log/messages still records DNS entries.

[root@www log]# tail messages
Jun 19 14:41:42 www named[3099]: command channel listening on 127.0.0.1#953
Jun 19 14:41:42 www named[3099]: command channel listening on ::1#953

That DNS record information no longer appears there, which shows that DNS now writes its log to a dedicated file, namely named.log.

******************** Verification successful ************************
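
Because the audit_log channel above receives almost every category, named.log mixes query lines with other messages. The following is an added example, not part of the original post: it parses the queries-category line layout shown in the tail output above (BIND 9.3 with print-time and print-category enabled), skips other categories, and summarises queries per client. The sample log lines, the example.com/example.net names and the MAX_NAME_LEN threshold are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Line layout written by a channel with "print-time yes; print-category yes;".
# The "view <name>:" field is present only when named.conf defines views.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>[^:]+): )?"
    r"query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+) (?P<flags>\S+)$"
)
MAX_NAME_LEN = 60  # assumed review threshold; tune to your own traffic

# Constructed sample; only the PTR line is copied from the post.
SAMPLE_LOG = """\
19-Jun-2009 14:41:42.101 general: command channel listening on 127.0.0.1#953
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: www.example.com IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +
19-Jun-2009 14:56:01.020 queries: client 192.168.1.50#40112: query: mail.example.com IN MX +
19-Jun-2009 14:56:02.771 queries: client 192.168.1.50#40113: query: a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6a7b8c9d0a1b2c3d4e5f6.t.example.net IN TXT +
"""

def parse_line(line):
    """Return a dict for a queries-category line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    rec["port"] = int(rec["port"])
    return rec

def summarize(log_text):
    """Count queries per client and per type; collect unusually long names."""
    per_client, per_type, long_names = Counter(), Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # other categories share the same file
            continue
        per_client[rec["ip"]] += 1
        per_type[rec["type"]] += 1
        if len(rec["name"]) > MAX_NAME_LEN:
            long_names.append((rec["ip"], rec["name"]))
    return per_client, per_type, long_names

if __name__ == "__main__":
    clients, types, flagged = summarize(SAMPLE_LOG)
    print("queries per client:", dict(clients))
    print("queries per type:  ", dict(types))
    for ip, name in flagged:
        print("long name from %s: %s" % (ip, name))
```

To run it against the real file, pass the contents of /var/log/named.log to summarize() instead of SAMPLE_LOG.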
