LinuxQuestions.org


skibler1223 03-07-2008 10:49 AM

BIND 9 not logging to custom logs
 
I tried to set up BIND 9 to log to custom logfiles. Bind starts fine but I do get the following relevant errors in /var/log/messages:

Code:

Mar  7 03:59:16 brutus named[10207]: logging channel 'update_debug' file '/var/log/named/named_update.log': file not found
Mar  7 03:59:16 brutus named[10207]: logging channel 'security_info' file '/var/log/named/named_auth.log': file not found
Mar  7 03:59:16 brutus named[10207]: logging channel 'info' file '/var/log/named/named_info.log': file not found

Here is what I did:

ls -la of /var/log/named ----- Permissions should be ok
Code:

total 12K
drwxr-x---  2 named named 4.0K Mar  7 03:53 .
drwxr-xr-x 11 root  root  4.0K Mar  7 04:14 ..
-rw-------  1 named named    0 Mar  4 04:55 named_auth.log
-rw-------  1 named named    0 Mar  7 03:53 named_info.log
-rw-------  1 named named    0 Mar  4 04:55 named_update.log


Bind configuration file
Code:

#Set some global options - forward if not in cache to SSSnet nameservers
options {
        directory "/var/named/";
        auth-nxdomain yes;
        forwarders {
                super-secret-ip
                super-secret-ip
        };
        forward first;
};

key DNS-UPD {
  algorithm hmac-md5;
  secret ipg9BJn8h6SGWlDRJYCDyg==;
};

zone "." {
        type hint;
        file "named.ca";
};

zone "home.lnx" {
        type master;
        file "named.home.lnx";
        allow-update { key DNS-UPD; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "named.1.168.192.in-addr.arpa";
        allow-update { key DNS-UPD; };
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-update { key DNS-UPD; };
};

logging {
        channel update_debug {
                file "/var/log/named/named_update.log";
                severity debug 5;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        channel security_info {
                file "/var/log/named/named_auth.log";
                severity notice;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
        channel info {
                file "/var/log/named/named_info.log";
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category update { update_debug; };
        category security { security_info; };
        category queries { info; };
};


XardasCZ 03-13-2008 10:17 PM

Hi,

Try to check, if your bind9 is running in a chroot, whether you have created the log directory.

Example:
bind9 running in chroot:
/var/named/chroot - you need to create dir /var/named/chroot/var/log, because your bind is running in /var/named but under chroot.
Maybe it can help ;-)

skibler1223 03-13-2008 11:14 PM

Thanks
 
Thanks for the reply; I forgot to close this post. I have this posted again somewhere in the forums here, I think. Either way, I think this actually is the problem I am having: I am running named in a chroot and trying to log to /var/log/named/foo.log.

Thank you for your time and advice, sorry I didn't close this out.

Sean

zeevikn 01-21-2009 02:35 AM

I have the same problem
 
On my server, bind is installed under
/var/lib/named/etc/bind
and there is a link
/etc/bind -> /var/lib/named/etc/bind

I tried configuring the log files under /var/log/named_auth.log (etc) but get the same "file not found" response.
Bind is running under username bind.

Where should I put the log files?
Under /var/lib/named/var/log?

Thanks,
Zeevik.

skibler1223 01-22-2009 07:22 AM

You are likely also running Bind under a chroot.

But first be sure that the permissions on /var/log/named_auth.log and others are correct. Best case scenario is named is owner and group, owner with permissions of 0640.

If permissions aren't your problem, then chroot probably is.

Yes, you should put the log directory under /var/lib/named/var/ or perhaps /var/lib/named. I would prefer /var/lib/named/var so as to follow FHS, considering the chroot jail.

This is all making the assumption that /var/lib/named is where named is being chrooted at, and it more than likely is. Check your configuration file to be certain.

BadReligion

zeevikn 01-23-2009 02:10 AM

Still does not work
 
Tried the above suggestions and changes, but still get the same error.

This is where bind9 is installed
/var/lib/named/etc/bind

Bind is running under bind9 user
qa-dhcp-01:/var/lib/named/var/log#ps aux | grep bind
/usr/sbin/named -u bind -t /var/lib/named

Logging is configured as follows:
file "/var/lib/named/var/log/named_update.log" versions 2 size 50m;
file "/var/lib/named/var/log/named_auth.log" versions 2 size 50m;
file "/var/lib/named/var/log/named_info.log" versions 2 size 50m;

This is the log dir
qa-dhcp-01:/var/lib/named/var/log# ls -l
-rw-r----- 1 bind bind 0 2009-01-23 10:00 named_auth.log
-rw-r----- 1 bind bind 0 2009-01-23 10:00 named_info.log
-rw-r----- 1 bind bind 0 2009-01-23 10:00 named_update.log


And yet, the daemon.log states (of course, after bind9 restart):
Jan 23 10:02:13 qa-dhcp-01 named[7788]: logging channel 'update_debug' file '/var/lib/named/var/log/named_update.log': file not found
Jan 23 10:02:13 qa-dhcp-01 named[7788]: logging channel 'security_info' file '/var/lib/named/var/log/named_auth.log': file not found
Jan 23 10:02:13 qa-dhcp-01 named[7788]: logging channel 'info' file '/var/lib/named/var/log/named_info.log': file not found

Any suggestions?

Thanks,
Zeevik.

skibler1223 01-24-2009 12:09 PM

This may be useful for you to read: http://www.bind9.net/manual/bind/9.2...7.html#AEN4226

As you have currently configured, BIND 9 is trying to look in /var/lib/named for /var/lib/named/var/log/named_update.log.

You would want to change your log directory to just be /var/log/ rather than /var/lib/named/var/log.

Some daemons will process all the configurations and then drop into a chroot jail. Others, such as BIND 9, will only read the configuration file and do some other important things like open sockets/ports, go to a jail, then deal with finding log files.

Badreligion

zeevikn 01-25-2009 03:02 AM

Thanks!!!!
Your suggestion solved the problem, and logging is working.
Logging is now configured to:
Code:

file "/var/log/named_info.log" versions 2 size 50m;
which actually points to
/var/lib/named/var/log
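
The path mapping that resolved this thread, as an added example that is not part of any poster's message: when named is started with -t, each logging path in the configuration is opened inside the jail, so the script prefixes it with the jail directory and checks that the parent directory exists there. The function names and the sample jail and configuration in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): map BIND logging paths through the chroot.

# Print the jail directory given to named with -t, taken from its command line.
chroot_from_cmdline() {
    prev=""
    for arg in $1; do
        [ "$prev" = "-t" ] && { printf '%s\n' "$arg"; return 0; }
        prev=$arg
    done
    return 1
}

# Print each quoted path that follows "file" inside the logging { } block.
logging_files() {
    awk '
        /^[ \t]*logging[ \t]*[{]/ { inlog = 1; depth = 0 }
        inlog {
            line = $0
            if (match(line, /file[ \t]+"[^"]+"/)) {
                s = substr(line, RSTART, RLENGTH)
                sub(/^file[ \t]+"/, "", s); sub(/"$/, "", s)
                print s
            }
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth <= 0) inlog = 0
        }' "$1"
}

# For each logging path, show the host-side path named opens once it is jailed.
# named can create the file itself, so the parent directory is what must exist.
check_logging() {   # usage: check_logging <jail-dir> <named.conf>
    jail="${1%/}"
    logging_files "$2" | while IFS= read -r p; do
        host="$jail$p"
        if [ -d "$(dirname "$host")" ]; then echo "OK      $p -> $host"
        else echo "NO-DIR  $p -> $host"; fi
    done
}

# Constructed sample: a throwaway jail and a config with one right and one wrong path.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/jail/var/log"
    printf '%s\n' 'logging {' \
        '  channel info { file "/var/log/named_info.log" versions 2 size 50m; };' \
        '  channel update_debug { file "/var/lib/named/var/log/named_update.log"; };' \
        '};' > "$t/named.conf"
    jail=$(chroot_from_cmdline "/usr/sbin/named -u bind -t $t/jail")
    check_logging "$jail" "$t/named.conf" | sed "s|$t|TMP|g"
    rm -rf "$t"
}
demo
```

The NO-DIR line shows the doubled prefix: a path that already includes the jail directory is looked up under the jail a second time.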

matsyuf 05-23-2009 02:28 PM

MY 1st POST

I have configured a LAN DNS server, but I get an error when I check the configuration, as below

No Error

Mats:/var/chroot/bind9/etc/bind# named-checkzone vun.lan. db.vun.lan
zone vun.lan/IN: loaded serial 20090521
OK
Mats:/var/chroot/bind9/etc/bind#

Error

Mats:/var/chroot/bind9/etc/bind# named-checkzone vun.lan. db.1.168.192.in-addr.arpa
zone vun.lan/IN: NS 'Mats.vun.lan' has no address records (A or AAAA)
zone vun.lan/IN: loaded serial 20090521
OK
Mats:/var/chroot/bind9/etc/bind#


How can I get rid of that error? Below are my zone files

zone.vun.lan

Mats:/var/chroot/bind9/etc/bind# cat db.vun.lan
$TTL 172800
@ IN SOA Mats.vun.lan. info.vun.lan. (
20090521; serial-no
36000; refresh, seconds
18000; retry, seconds
518400; expiry, seconds
172800; minimum-TTL, seconds
)
@ IN NS Mats.vun.lan.
@ IN MX 10 Mats.vun.lan.

Mats.vun.lan. IN A 192.168.1.43

www IN A 192.168.1.43

Mats:/var/chroot/bind9/etc/bind#

REVERSE ZONE

Mats:/var/chroot/bind9/etc/bind# cat db.1.168.192.in-addr.arpa
$TTL 172800
@ IN SOA Mats.vun.lan. info.vun.lan. (
20090521; serial-no
36000; refresh, seconds
18000; retry, seconds
518400; expiry, seconds
172800; minimum-TTL, seconds
)
@ IN NS Mats.vun.lan.

192.168.1.43 IN PTR Mats.vun.lan.
Mats:/var/chroot/bind9/etc/bind#


Below are my zone files

Mats:/var/chroot/bind9/etc/bind# cat db.vun.lan
;
; BIND data file for vun.lan
;
$TTL 604800
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090524 ; serial
7200 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
@ IN NS Mats.vun.lan.
@ IN NS Mon.vun.lan.
@ IN A 192.168.1.15
@ IN A 192.168.1.43
@ IN MX 10 Mats.vun.lan.
Mats IN A 192.168.1.43
vun.lan.IN A 192.168.1.43
Mon IN A 192.168.1.15
www IN CNAME Mats
Mats:/var/chroot/bind9/etc/bind#


Mats:/var/chroot/bind9/etc/bind# cat db.1.168.192.rev
;
; BIND data file for 1.168.192
;
$TTL 604800
$ORIGIN 1.1.168.192.in-addr-arpa.
@ IN SOA Mats.vun.lan. admin.vun.lan. (
20090524 ; serial
604800 ; Refresh
120 ; Retry
2419200 ; Expiry
604800 ; Default TTL
)
IN NS Mats.vun.lan.
IN NS Mon.vun.lan.
43 IN PTR Mats.vun.lan.
43 IN PTR vun.lan.
15 IN PTR Mon.vun.lan.
Mats:/var/chroot/bind9/etc/bind#

Mats:/# dig vun.lan

; <<>> DiG 9.5.1-P1 <<>> vun.lan
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50094
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;vun.lan. IN A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 23 22:24:35 2009
;; MSG SIZE rcvd: 25

Mats:/# dig Mats.vun.lan

; <<>> DiG 9.5.1-P1 <<>> Mats.vun.lan
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30389
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;Mats.vun.lan. IN A

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May 23 22:28:19 2009
;; MSG SIZE rcvd: 30

Mats:/#

I still can't resolve.

