To log DNS queries on Linux, use the logging feature of the BIND server. Suppose you want to log DNS queries to the file /var/log/querylog. In that case, add the following entries to /etc/named.conf:
logging {
    channel querylog {
        file "/var/log/querylog";
        severity debug 3;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    category queries { querylog; };
};
After adding the above lines to /etc/named.conf, it is advisable to create the log file manually:
root# touch /var/log/querylog
And make it writable by the user named:
root# chown named:named /var/log/querylog
Restart the BIND server to apply the changes:
root# /etc/init.d/named restart
Run some queries against the DNS server using dig or nslookup.
The queries can now be viewed in the file /var/log/querylog:
root# tail /var/log/querylog
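
An added example, not part of the original post: a small Python parser for the lines this channel writes, counting queries per client and per record type so the log can be reviewed without reading it line by line. The sample lines are constructed, and the line layout is an assumption based on common BIND 9 output with print-time, print-category and print-severity enabled; it differs between releases.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real server). Layout assumed:
# <time> <category>: <severity>: client [@0xADDR] <ip>#<port> (<name>): query: ...
SAMPLE_LOG = """\
10-Jan-2024 12:00:01.101 queries: info: client 192.0.2.10#53214 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)
10-Jan-2024 12:00:01.350 queries: info: client @0x7f3c2c0a1b20 192.0.2.10#41877 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
10-Jan-2024 12:00:02.004 queries: info: client 198.51.100.7#60122 (example.org): query: example.org IN AAAA +E(0) (192.0.2.1)
10-Jan-2024 12:00:02.900 general: info: zone example.com/IN: loaded serial 2024011001
this line is truncated or corrup
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+ \S+) "                       # from print-time
    r"(?P<category>[\w-]+): "                    # from print-category
    r"(?P<severity>[\w ]+): "                    # from print-severity
    r"client (?:@0x[0-9a-fA-F]+ )?"              # some releases log an object address
    r"(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) "  # IPv4 or IPv6 source and port
    r"\((?P<qname>[^)]*)\): query: \S+ "
    r"(?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return a dict for a query line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m or m.group("category") != "queries":
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    return rec

def summarize(text):
    """Parse a whole log and count queries per client and per record type."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    per_client = Counter(r["client"] for r in records)
    per_type = Counter(r["qtype"] for r in records)
    return records, per_client, per_type

if __name__ == "__main__":
    records, per_client, per_type = summarize(SAMPLE_LOG)
    for client, count in per_client.most_common():
        print(f"{client:>15}  {count} queries")
    print("record types:", dict(per_type))
```

To run it against the real file, read /var/log/querylog and pass its contents to summarize() in place of SAMPLE_LOG.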