BIND9 non logging

ddaas · 12-21-2010, 08:18 AM

Hi,
I have ununtu 10.10 server with bind9.

In named.conf.options

Code:

logging { 
        channel my_log { 
                file "/var/log/bind.log" versions 10 size 5M; 
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes; 
        };  

        category queries { my_log; };  
        category default { my_log; };  
};

The file /var/log/bind.log exists and belongs to bind.
Bind9 doesn't seem to run in chroot mode. It is the default instalation, named is in /usr/sbin and the config files are in /etc/bind

The problem is that it doesn't log a thing.

If I am using syslog under channel it logs.

Any ideea?

bathory · 12-21-2010, 09:13 AM

Hi,

Your configuration for logging looks ok. Check if the file is open by the bind user:

Code:

lsof|grep bind.log

Also what gives

Code:

rndc status|grep query

If it's set to OFF, run

Code:

rndc querylog

to set it to ON again

Regards

ddaas · 12-21-2010, 09:51 AM

lsof doesn't return anything. I think here is the problem. But what?

But I have:

Code:

# rndc status
version: 9.7.1-P2
CPUs found: 2
worker threads: 2
number of zones: 33
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

then:

Code:

ls -l /var/log/bind.log 
-rw-r----- 1 bind bind 1 2010-12-21 15:31 /var/log/bind.log

and

Code:

 ps -ef  | grep named
bind      2723     1  0 15:58 ?        00:00:00 /usr/sbin/named -u bind
root      3502  3454  0 17:50 pts/0    00:00:00 grep --color=auto named

bathory · 12-21-2010, 10:17 AM

Since you're running ubuntu, it could be an apparmor problem.
Take a look at the last paragraph here

Regards

ddaas · 12-21-2010, 01:43 PM

You are right.
I found this.

Quote:

apparmor_status
apparmor module is loaded.
6 profiles are loaded.
6 profiles are in enforce mode.
/sbin/dhclient3
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/mysqld
/usr/sbin/named
/usr/sbin/tcpdump
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
/usr/sbin/mysqld (817)
/usr/sbin/named (806)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

I'm not confident at the moment with AppArmor so I will learn about it first.
When I solve the problem I post the solution here.

Thank you

ddaas · 12-21-2010, 02:12 PM

Here is the solution https://lists.isc.org/pipermail/bind...ry/078473.html

Thank you !