CentOS 6: Configure bind logging with bind-chroot

There are two possible configurations:

  1. the syslog one (more elegant)
  2. the file one.

The purpose of this article is to help you build a bind-chroot logging configuration that keeps daemon messages and user queries in separate files.

Note that on CentOS 6 the bind-chroot package builds the chroot with bind mounts (run mount | fgrep named while named is running to see them), so you must not symlink configuration files into the chroot: edit them directly under /etc and they show up inside /var/named/chroot. Rather than editing /etc/named.conf in place, keep your own settings in files under /etc/named/ and pull them in with the include directive.

With a chrooted bind the log files physically end up under /var/named/chroot/var/log/, so a lazy admin may want to symlink them into /var/log/ (the links live outside the chroot; named and rsyslog keep writing to the real paths):

ln -sf /var/named/chroot/var/log/dns.log /var/log/dns.log
ln -sf /var/named/chroot/var/log/dns_queries.log /var/log/dns_queries.log

1. Logging to syslog

1.1 Configure named for syslog

  • /etc/named.conf: Remove the logging{} block and include your own file
[...]
include "/etc/named/named.conf.local";
  • /etc/named/named.conf.local:
[...]
// Do not print the time: it is redundant with the syslog header.
logging {
        channel log_dns {
                syslog local3;
                print-category yes;
                print-severity yes;
                print-time no;
        };
        channel log_queries {
                syslog local4;
                print-category yes;
                print-severity yes;
                print-time no;
        };
        category default {log_dns;};
        category queries {log_queries;};
        category lame-servers { null;};
        category edns-disabled { null; };
};

1.2 Configure rsyslog

  • /etc/rsyslog.conf (put these lines before the default *.info rule that writes /var/log/messages, otherwise the named messages land there as well before the & ~ discards them):
# Don't forget to add the chrooted log socket: named writes to /dev/log
# inside the chroot, which is this path on the host.
$AddUnixListenSocket /var/named/chroot/dev/log
if $syslogfacility-text == 'local3' then /var/named/chroot/var/log/dns.log
& ~
if $syslogfacility-text == 'local4' then /var/named/chroot/var/log/dns_queries.log
& ~

$AddUnixListenSocket needs the imuxsock module, which the stock CentOS 6 rsyslog.conf already loads. Restart rsyslog and then named so the new socket and channels are picked up.

1.3 Configure logrotate

  • /etc/logrotate.d/named:

logrotate creates the new empty files itself (the create line); the postrotate script then HUPs rsyslog so it reopens them instead of writing on into the rotated file, and reloads named afterwards so it reopens named.run. The two dns logs are written by rsyslog as root, so the named owner only matters for named.run; since the query log records which client asked for which name, 0640 is a sensible tighter mode if other local users should not read it.

/var/named/chroot/var/log/dns.log
/var/named/chroot/var/log/dns_queries.log
/var/named/data/named.run {
    missingok
    create 0644 named named
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /sbin/service named reload  2> /dev/null > /dev/null || true
    endscript
}

You're all set. Check the configuration with named-checkconf, restart rsyslog and then named, and send a test query: it should show up in /var/named/chroot/var/log/dns_queries.log while daemon messages land in dns.log.

2. Logging to files

2.1 Configure named

  • /etc/named.conf: Remove the logging{} block and include your own file
[...]
include "/etc/named/named.conf.local";
  • /etc/named/named.conf.local:
[...]
logging {
        channel log_dns {
                file "/var/log/dns.log" versions 3 size 10m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel log_queries {
                file "/var/log/dns_queries.log" versions 3 size 20m;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default {log_dns;};
        category queries {log_queries;};
        category lame-servers { null;};
        category edns-disabled { null; };
};

You're all set. Remember that the channel paths are resolved inside the chroot, so /var/log/dns.log ends up at /var/named/chroot/var/log/dns.log on the host; that directory must exist and be writable by the named user. BIND rotates these files itself (versions/size), so no logrotate or rsyslog change is needed for this variant.
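The channels in both sections produce query-log lines whose only difference is the leading timestamp: rsyslog's header in section 1, BIND's own stamp with print-time yes in section 2. As an added example that is not part of the original post, here is a small Python 3 parser for both forms that counts queries per client and flags recursion-desired queries from outside the networks you serve, a quick way to spot a misconfigured resolver or an open-resolver abuse attempt. The message format assumed is the one BIND 9.7/9.8 write (client addr#port, optional view, qname class type, a flag string starting with + or - for recursion desired, and the listening address in parentheses); the sample lines and the internal network list are constructed for the example, not captured from a real server.

```python
"""Parse BIND 9 query-log lines as produced by the log_queries channels above.

Added example (Python 3), not part of the original post. Assumes the line
formats BIND 9.7/9.8 produce with print-category and print-severity on; the
sample lines below are constructed, not captured from a real server.
"""
import ipaddress
import re
from collections import Counter

# rsyslog's default file template header, as written to dns_queries.log
SYSLOG_PREFIX = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) named\[\d+\]: ")
# BIND file-channel header written when print-time is yes
FILE_PREFIX = re.compile(
    r"^(?P<ts>\d\d-[A-Z][a-z]{2}-\d{4} \d\d:\d\d:\d\d\.\d{3}) ")
# Message body: optional "category: severity:" prefix, client, optional view,
# qname/class/type, the flag string (+ or - for RD, then S E T D C as set) and
# the address the query arrived on.
BODY = re.compile(
    r"(?:(?P<category>[\w-]+): (?P<severity>\w+): )?"
    r"client (?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<server>[^)]+)\))?$")

# Constructed sample input: syslog-channel lines, one daemon message that
# belongs in dns.log (the parser must skip it), and file-channel lines.
SAMPLE_LINES = [
    "Mar  3 10:15:02 ns1 named[1234]: queries: info: client 192.0.2.10#53421: query: example.com IN A + (192.0.2.1)",
    "Mar  3 10:15:02 ns1 named[1234]: queries: info: client 192.0.2.10#53422: query: example.com IN AAAA +E (192.0.2.1)",
    "Mar  3 10:15:03 ns1 named[1234]: queries: info: client 2001:db8::5#40001: query: www.example.org IN MX - (192.0.2.1)",
    "Mar  3 10:15:04 ns1 named[1234]: queries: info: client 192.0.2.10#53423: query: updates.example.net IN TXT + (192.0.2.1)",
    "Mar  3 10:15:05 ns1 named[1234]: general: info: zone example.com/IN: loaded serial 2013030301",
    "03-Mar-2013 10:15:06.123 queries: info: client 198.51.100.7#1027: query: example.com IN A + (192.0.2.1)",
    "03-Mar-2013 10:15:06.456 queries: info: client 198.51.100.7#1028: query: example.com IN ANY +E (192.0.2.1)",
    "03-Mar-2013 10:15:07.001 queries: info: client 192.0.2.10#53424: view internal: query: intranet.example.com IN A + (10.0.0.1)",
]


def parse_query_line(line):
    """Return a dict of fields for a query-log line, or None for any other line."""
    for prefix in (SYSLOG_PREFIX, FILE_PREFIX):
        m = prefix.match(line)
        if m:
            timestamp, body = m.group("ts"), line[m.end():]
            break
    else:
        return None
    b = BODY.match(body)
    if not b:
        return None
    rec = b.groupdict()
    rec["timestamp"] = timestamp
    rec["port"] = int(rec["port"])
    rec["recursion_desired"] = rec["flags"].startswith("+")
    return rec


def parse_query_log(lines):
    """Parse an iterable of lines, silently dropping non-query lines."""
    return [r for r in (parse_query_line(l) for l in lines) if r]


def queries_per_client(records):
    return Counter(r["client"] for r in records)


def noisy_clients(records, threshold):
    """Clients at or above `threshold` queries, sorted; a first-pass abuse check."""
    return sorted(c for c, n in queries_per_client(records).items() if n >= threshold)


def external_recursive_queries(records, internal_networks):
    """Recursion-desired queries from clients outside the given networks.

    On an authoritative-only or internal resolver these should not exist; on a
    server with recursion enabled they indicate an open resolver being used.
    """
    nets = [ipaddress.ip_network(n) for n in internal_networks]
    return [r for r in records
            if r["recursion_desired"]
            and not any(ipaddress.ip_address(r["client"]) in n for n in nets)]


if __name__ == "__main__":
    recs = parse_query_log(SAMPLE_LINES)
    print("parsed %d query lines" % len(recs))
    for client, n in queries_per_client(recs).most_common():
        print("%-16s %d" % (client, n))
    print("noisy clients (>= 3):", noisy_clients(recs, 3))
    for r in external_recursive_queries(recs, ["192.0.2.0/24", "2001:db8::/32"]):
        print("external RD query from %s for %s %s" % (r["client"], r["qname"], r["qtype"]))
```

Feed it the real file with parse_query_log(open("/var/named/chroot/var/log/dns_queries.log")); lines from a BIND build that omits the trailing listening address still parse, since that group is optional.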

1 comment so far.

  1. Lonny Balderston

    Very helpful, thanks! Just changing the logging stanza (under your syslog section) sends the messages to syslog, just what I needed.
