BIND: logging DNS queries

Boris HUISGEN

To record every query submitted to your BIND DNS server, add this block to your configuration file:

// Logging
logging {
    category "default" { "debug"; };
    category "general" { "debug"; };
    category "database" { "debug"; };
    category "security" { "debug"; };
    category "config" { "debug"; };
    category "resolver" { "debug"; };
    category "xfer-in" { "debug"; };
    category "xfer-out" { "debug"; };
    category "notify" { "debug"; };
    category "client" { "debug"; };
    category "unmatched" { "debug"; };
    category "network" { "debug"; };
    category "update" { "debug"; };
    category "queries" { "debug"; };
    category "dispatch" { "debug"; };
    category "dnssec" { "debug"; };
    category "lame-servers" { "debug"; };

    channel "debug" {
        file "/var/log/named.log" versions 3 size 10m;
        print-time yes;
        print-category yes;
    };
};

All queries and operations performed by the server will then be logged. Here is a typical sample of the output:

18-May-2010 09:46:06.775 queries: client 192.168.2.26#64549: query: www.liberation.fr IN A +
18-May-2010 09:46:06.776 queries: client 192.168.2.26#64550: query: images.apple.com IN A +
18-May-2010 09:46:06.776 queries: client 192.168.2.26#64551: query: permanent.nouvelobs.com IN A +
18-May-2010 09:46:06.823 queries: client 192.168.1.4#58414: query: pagead2.googlesyndication.com IN A +
18-May-2010 09:46:06.997 queries: client 192.168.2.26#64552: query: tempsreel.nouvelobs.com IN A +
18-May-2010 09:46:07.022 queries: client 192.168.1.4#57886: query: googleads.g.doubleclick.net IN A +
18-May-2010 09:46:08.023 queries: client 192.168.1.4#57582: query: oswald.pages.de IN A +
18-May-2010 09:46:08.024 queries: client 192.168.1.4#61346: query: twitter.com IN A +
18-May-2010 09:46:08.024 queries: client 192.168.1.4#51376: query: www.facebook.com IN A +
18-May-2010 09:46:08.733 queries: client 192.168.100.25#43974: query: 10.1.168.192.sbl-xbl.spamhaus.org IN A +
18-May-2010 09:46:08.797 queries: client 192.168.100.25#43974: query: 10.1.168.192.bl.spamcop.net IN A +
18-May-2010 09:46:08.859 queries: client 192.168.100.25#43974: query: 10.1.168.192.cbl.abuseat.org IN A +
18-May-2010 09:46:08.859 queries: client 192.168.100.25#43974: query: 10.1.168.192.rbl.mail-abuse.org IN A +
18-May-2010 09:46:09.317 queries: client 192.168.2.29#57087: query: www.facebook.com IN A +
18-May-2010 09:46:09.516 queries: client 192.168.100.25#43974: query: hookah.nl IN MX +
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/A/IN': 2a00:d78:0:102:193:176:144:2#53
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/AAAA/IN': 2001:7b8:606::28#53
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/A/IN': 2001:500:2e::1#53
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/AAAA/IN': 2a00:d78:0:102:193:176:144:2#53
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/AAAA/IN': 2001:610:0:800d::2#53
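
As an added example (not part of the original post), here is a Python parser for the `queries` lines in the format shown above; it summarises query volume, distinct names and record types per client. The function names `parse_queries` and `summarize` are hypothetical, and the optional client fields accepted for later BIND 9 releases are an assumption.

```python
import re
from collections import Counter

# Format of the "queries" lines shown above (print-time and print-category on).
# Assumption: later BIND 9 releases insert "@0x..." and "(qname)" around the
# client address; both are accepted as optional here.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

# Lines copied from the sample output above, including one non-query line.
SAMPLE = """\
18-May-2010 09:46:06.775 queries: client 192.168.2.26#64549: query: www.liberation.fr IN A +
18-May-2010 09:46:08.024 queries: client 192.168.1.4#51376: query: www.facebook.com IN A +
18-May-2010 09:46:08.733 queries: client 192.168.100.25#43974: query: 10.1.168.192.sbl-xbl.spamhaus.org IN A +
18-May-2010 09:46:09.516 queries: client 192.168.100.25#43974: query: hookah.nl IN MX +
18-May-2010 09:46:09.558 lame-servers: host unreachable resolving 'ns2.sekeris.nl/A/IN': 2a00:d78:0:102:193:176:144:2#53
""".splitlines()

def parse_queries(lines):
    """Yield one dict per query line; lines from other categories are skipped."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines):
    """Return {client_ip: {"total": int, "names": set, "types": Counter}}."""
    stats = {}
    for q in parse_queries(lines):
        s = stats.setdefault(q["ip"], {"total": 0, "names": set(), "types": Counter()})
        s["total"] += 1
        s["names"].add(q["qname"].lower().rstrip("."))  # normalise case and root dot
        s["types"][q["qtype"]] += 1
    return stats

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["total"]):
        print(f"{ip:15} total={s['total']} unique={len(s['names'])} types={dict(s['types'])}")
```

To run it against the real log, pass an open file handle on `/var/log/named.log` to `summarize` instead of `SAMPLE`.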