I am seeing lots of the failed lookups in fast succession in my logs and want a way of finding out which client ip is requesting those records from my Bind DNS servers. Any ideas how I can do this?

in the top of your named.conf

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

##### add logging statements here ######

logging {
category lame-servers { null; };

channel default_syslog {
syslog local2;
severity info;
print-category yes;
print-severity yes;
};
category queries { default_syslog; };
};


edit your syslog if you only want named logs to go to a specific file
ie.. /var/log/named.log ( thats what i do)

*.info;mail.none;authpriv.none;cron.none;local2.none /var/log/messages


send local2 to named.log
local2.* /var/log/named.log

touch /var/log/named.log
restart syslog
restart named


it will show you logs like this.

named[2621]: queries: info: client 10.3.70.34#1025: query: bix.yimg.com IN A