본문 바로가기

네임서버

BIND logging | BIND 9.5.x

반응형

BIND logging | BIND 9.5.x

카테고리 설명
default The default category defines the logging options for those categories where no specific configuration has been defined.
general The catch-all. Many things still aren't classified into categories, and they all end up here.
database Messages relating to the databases used internally by the name server to store zone and cache data
security Approval and denial of requests.
config Configuration file parsing and processing.
resolver DNS resolution, such as the recursive lookups performed on behalf of clients by a caching name server.
xfer-in Zone transfers the server is receiving.
xfer-out Zone transfers the server is sending.
notify The NOTIFY protocol.
client Processing of client requests.
unmatched Messages that named was unable to determine the class of or for which there was no matching view.
A one line summary is also logged to the clientcategory.
This category is best sent to a file or stderr, by default it is sent to the null channel.
network Network operations.
update Dynamic updates.
update-security Approval and denial of update requests.
queries Specify where queries should be logged to.
At startup, specifying the category queries will also enable query logging unless querylog option has been specified.
The query log entry reports the client's IP address and port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, -if not set), if the query was signed (S),EDNS was in use (E), if DO (DNSSEC Ok) was set (D), or if CD (Checking Disabled) was set (C).
client 127.0.0.1#62536: query: www.example.comIN AAAA +SE
client ::1#62537: query: www.example.netIN AAAA -SE
query-errors Information about queries that resulted in some failure.
dispatch Dispatching of incoming packets to the server modules where they are to be processed.
dnssec DNSSEC and TSIG protocol processing.
lame-servers Lame servers. These are misconfigurations in remote servers, discovered by BIND 9 when trying to query those servers during resolution.
delegation-only Delegation only. Logs queries that have been forced to NXDOMAIN as the result of a delegation-only zone or a delegation-only in a hint or stub zone declaration.
edns-disabled Log queries that have been forced to use plain DNS due to timeouts. This is often due to the remote servers not being RFC 1034 compliant (not always returning FORMERR or similar to EDNS queries and other extensions to the DNS when they are not understood). In other words, this is targeted at servers that fail to respond to DNS queries that they don't understand.
Note: the log message can also be due to packet loss. Before reporting servers for non-RFC 1034 compliance they should be re-tested to determine the nature of the non-compliance. This testing should prevent or reduce the number of false-positive reports.
Note: eventually named will have to stop treating such timeouts as due to RFC 1034 non ompliance and start treating it as plain packet loss. Falsely classifying packet loss as due to RFC 1034 non compliance impacts on DNSSEC validation which requires EDNS for the DNSSEC records to be returned.

 

참고URL

- ISC : http://www.isc.org/software/bind/documentation/arm95

- zytrax.open : https://www.zytrax.com/books/dns/ch7/logging.html

 

728x90
반응형