How to log DNS server activity?
Ans : Sometimes you require to log DNS server activity to a file for future reference for analyse the activity on DNS server and whether DNS server is properly resolving accurately or not. rndc(remote name daemon control) is the command to use for DNS server activity logging. Let’s have a look how to log DNS server activity. In order to log DNS server entries just execute below command (you have to do this one as root user)
#rndc querylog
Note : When you execute the above command DNS server activity is logged on to server /var/log/messages file.
Example output of the clipped log file
bash-2.05b# /usr/sbin/rndc querylog bash-2.05b# tail -f /var/log/messages
Nov 18 18:00:16 ns1.abc.in named[29413]: query logging is now on
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.34#43071: query: abc.co.in IN MX
Nov 18 18:00:18 ns1.abc.in named[29413]: client 194.158.122.6#43587: query: smtp.abc.co.in IN A
Nov 18 18:00:19 ns1.abc.in named[29413]: client 82.8.211.193#19305: query: MX2.abc.co.in IN A
Nov 18 18:00:20 ns1.abc.in named[29413]: client 200.49.130.26#4111: query: abc.co.in IN MX
Nov 18 18:00:21 ns1.abc.in named[29413]: client 212.24.128.8#46547: query: abc.co.in IN MX
Nov 18 18:00:22 ns1.abc.in named[29413]: client 200.75.51.132#26540: query: MX2.abc.co.in IN A
In order to stop DNS logging activity please execute below command
#rndc querylog
Note : If you observe this command it is same as for starting the log activity, it is similar to how a walky-talky works.. You have to press same button for both on/off operations.
Example output of how it is stopped
bash-2.05b# /usr/sbin/rndc querylog bash-2.05b# tail -f messages
Nov 18 18:08:53 ns1.abc.com named[29413]: client 200.12.232.4#60450: query: abc.co.in IN MX
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#39027: query: ns1.abc.co.in IN A
Nov 18 18:08:59 ns1.abc.com named[29413]: client 212.54.35.233#10163: query: ns1.abc.co.in IN A
Nov 18 18:09:00 ns1.abc.com named[29413]: client 88.156.63.9#3661: query: abc.co.in IN MX
Nov 18 18:09:00 ns1.abc.com named[29413]: client 89.2.2.146#44622: query: abc.co.in IN MX
Nov 18 18:09:05 ns1.abc.com named[29413]: client 203.199.147.5#14678: query: cmex01.clairmail.local.intranet.abc.co.in IN A
Nov 18 18:09:06 ns1.abc.com named[29413]: client 117.98.17.34#1766: query: abc.co.in IN MX
Nov 18 18:09:06 ns1.abc.com named[29413]: client 203.119.8.106#28142: query: abc.co.in IN MX
Nov 18 18:09:11 ns1.abc.com named[29413]: client 217.171.113.9#4861: query: MX2.abc.co.in IN A
Nov 18 18:09:11 ns1.abc.com named[29413]: query logging is now off
Some FAQ’s:
1.Is it advaisable to restart a production DNS server?
Ans : No, Never try to restart a production DNS server without prior notice from your higher officials.
2.Then how can I update any changes I made to DNS server?
Ans : You can use rndc command to update the changes to dns server.
3.I want to update DNS server zone file entries to DNS server without restarting the named/bind server?
Ans : We can do it by using rndc command
#rndc reload
4.I want to reload named.conf file without restarting DNS server?
#rndc refresh
Please Comment your thoughts regarding this post:-)
Please visit https://www.linuxnix.com for more linux admin stuff
Latest posts by Surendra Anne (see all)
- Docker: How to copy files to/from docker container - June 30, 2020
- Anisble: ERROR! unexpected parameter type in action:
Fix - June 29, 2020 - FREE: JOIN OUR DEVOPS TELEGRAM GROUPS - August 2, 2019
- Review: Whizlabs Practice Tests for AWS Certified Solutions Architect Professional (CSAP) - August 27, 2018
- How to use ohai/chef-shell to get node attributes - July 19, 2018
