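Configuring DNS server logging on RedHat 5.3, with successful verification
Date: 2009-06-19 Source: www_xylove
Note: the configuration part is reposted; I added a worked example afterwards to verify it, and it did succeed.
named's query logging is off by default. You can check this with rndc status, as shown below: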
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
Use rndc querylog to turn on named's query logging, as shown below:
#rndc querylog
#rndc status
number of zones: 8
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
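Next, create a file called named.log in the /var/named/chroot/var/named directory. The file name is arbitrary. Once it is created, set its ownership and permissions as shown below: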
#chown named.named /var/named/chroot/var/named/named.log
#chmod 755 /var/named/chroot/var/named/named.log
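If you have SELinux enabled, you also need to set the corresponding permissions. If SELinux is in enforcing mode and you make the setting below, the system reports that named has no permission to access named.log. No matter what I changed, it still reported no permission. In the end I switched SELinux to permissive mode, and named's information was written to named.log, but SELinux still warns that restorecon -v "./named.log" should be used to fix the file's permissions. After I ran restorecon, that warning still appears. How to solve this is left for later; if you have a good suggestion, please share it. The result is as follows: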
#chcon -u system_u named.log
That completes the setup for this file. Next, edit /etc/named.conf and add the following to it:
logging {
channel default_syslog { syslog local2; severity error; };
channel audit_log {
file "named.log" versions 3 size 20m;
severity info;
print-time yes;
print-category yes;
};
category default { audit_log; };
category general { audit_log; };
category security { audit_log; default_syslog; };
category config { default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { audit_log; };
};
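Restart your named process; from then on your DNS information will appear in this file!
This article comes from a ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u1/36549/showart_1006860.html
****************************************************************
The following example is one I added based on the theory above, and it did succeed.
1: My DNS configuration file /etc/named.conf
//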
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; };
};
#logging {
# channel default_debug {
# file "data/named.run";
# severity dynamic;
# };
#};
logging {
channel default_syslog { syslog local2; severity error; };
channel audit_log {
file "named.log" versions 3 size 20m;
severity info;
print-time yes;
print-category yes;
};
category default { audit_log; };
category general { audit_log; };
category security { audit_log; default_syslog; };
category config { default_syslog; };
category resolver { audit_log; };
category xfer-in { audit_log; };
category xfer-out { audit_log; };
category notify { audit_log; };
category client { audit_log; };
category network { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { audit_log; };
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
*****The part in blue is the logging configuration*******
2: Queries
To make the log file path easy to find and manage, I keep everything under /var/log, so I made a symlink:
ln -s /var/named/chroot/var/named/named.log /var/log/named.log
Take a look: /var/log/named.log is empty, there is nothing in it.
[root@www log]# tail named.log
[root@www log]# pwd
/var/log
To verify, query Baidu:
[root@www /]#dig www.baidu.com
[root@www log]# dig www.baidu.com

; <<>> DiG 9.3.4-P1 <<>> www.baidu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23745
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 547 IN CNAME www.a.shifen.com.
www.a.shifen.com. 600 IN A 119.75.213.61
www.a.shifen.com. 600 IN A 119.75.216.30

;; AUTHORITY SECTION:
a.shifen.com. 85758 IN NS ns1.a.shifen.com.
a.shifen.com. 85758 IN NS ns3.a.shifen.com.
a.shifen.com. 85758 IN NS ns5.a.shifen.com.
a.shifen.com. 85758 IN NS ns6.a.shifen.com.

;; Query time: 66 msec
;; SERVER: 192.168.1.112#53(192.168.1.112)
;; WHEN: Fri Jun 19 14:54:05 2009
;; MSG SIZE rcvd: 162

Now look at /var/log/named.log again:
[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: www.baidu.com IN A +
A log entry has now been recorded.
Now a local lookup:
[root@www log]# nslookup
> www.apple.com
Server: 192.168.1.112
Address: 192.168.1.112#53

Name: www.apple.com
Address: 192.168.1.112
> 192.168.1.112
Server: 192.168.1.112
Address: 192.168.1.112#53

112.1.168.192.in-addr.arpa name = www.apple.com.
>
The local lookups are recorded as well. Look at /var/log/named.log again:
[root@www log]# tail named.log
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: www.baidu.com IN A +
19-Jun-2009 14:55:18.607 queries: client 192.168.1.112#57028: view localhost_resolver: query: www.apple.com IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +
Check whether /var/log/messages still records the DNS entries.
[root@www log]# tail messages
Jun 19 14:41:42 www named[3099]: command channel listening on 127.0.0.1#953
Jun 19 14:41:42 www named[3099]: command channel listening on ::1#953
That DNS record information is no longer there. This shows that DNS now writes its log to a dedicated file, namely named.log.
********************Verification successful************************
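
The configuration above answers recursive queries for any client (allow-query { any; }, match-clients { any; }, recursion yes), so the query log is where you see who is actually using the resolver. The following is an added example, not part of the original post: it parses the "queries" lines in the format shown above and lists recursive queries from clients outside a trusted range. The function names, the trusted networks and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Shape of a "queries" line written by the audit_log channel above
# (print-time yes; print-category yes), as seen in the page's tail output.
QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)")

# Constructed sample: three lines from the page, plus two invented lines
# (a non-query line and a client outside the LAN).
SAMPLE_LOG = """\
19-Jun-2009 14:54:05.395 queries: client 192.168.1.112#53497: view localhost_resolver: query: www.baidu.com IN A +
19-Jun-2009 14:55:18.607 queries: client 192.168.1.112#57028: view localhost_resolver: query: www.apple.com IN A +
19-Jun-2009 14:55:23.182 queries: client 192.168.1.112#37790: view localhost_resolver: query: 112.1.168.192.in-addr.arpa IN PTR +
19-Jun-2009 14:56:01.010 general: zone localhost/IN: loaded serial 42
19-Jun-2009 14:57:40.221 queries: client 203.0.113.9#4242: view localhost_resolver: query: example.org IN ANY +
"""

def parse_query_line(line):
    """Return a dict for a query-log line, or None for any other line."""
    m = QUERY_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
    except ValueError:
        return None
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    rec["port"] = int(rec["port"])
    rec["recursive"] = "+" in rec["flags"]  # "+" = recursion desired
    return rec

def audit(log_text, trusted=("192.168.1.0/24", "127.0.0.0/8")):
    """Count queries per client; collect recursive ones from untrusted IPs."""
    nets = [ipaddress.ip_network(n) for n in trusted]  # assumed trusted ranges
    per_client, outside = Counter(), []
    for line in log_text.splitlines():
        rec = parse_query_line(line)
        if rec is None:
            continue
        per_client[str(rec["ip"])] += 1
        if rec["recursive"] and not any(rec["ip"] in n for n in nets):
            outside.append(rec)
    return per_client, outside
```

Calling audit() on the contents of /var/log/named.log returns the per-client counts and the list of outside recursive queries; entries in the second list are a sign that the resolver is reachable from networks it was not meant to serve.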