-   Linux - Software (
-   -   Bind logging stopped writing to file (

Balvinder87 07-31-2012 05:03 AM

Bind logging stopped writing to file
bind9 logging stopped writing logs to my configured file
my sample log entry in the file was
31-Jul-2012 10:38:30.897 client query: IN A + (

unSpawn 07-31-2012 08:42 AM

- Is the BIND process running?
- Can the process be restarted and does it keep running?
- If not restartable or running: what do the log files show?
- If the process did run OK beforehand: what did you reconfigure or change wrt BIND and or Syslog?

*BTW please stop creating threads by default in the Linux Security forum if it is not a Linux Security issue,
thanks in advance.

bathory 07-31-2012 08:44 AM


Do you have query logging enabled in named.conf? By default it's disabled due to the amount of data it writes in the logfile. Anyway, what gives:

rndc status|grep query
You can use:

rndc querylog
to enable query logging temporarily, or see this to enable it permanently (not recommended due to the volume of logs it writes)


Balvinder87 08-01-2012 12:44 AM

BIND is up and running
Query logging is ON and working
It was working fine earlier i just deleted the old contents of file named_querylog and restarted bind now it is not writing logs to my named_querylog file
My named.conf is as follows
// This is the primary configuration file for the BIND DNS server named.
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/rndc.key";
controls {
inet port 953
allow {; } keys { "rndc-key"; };
logging {
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 100M;
print-time yes; // timestamp log entries

category queries {

bathory 08-01-2012 04:56 AM


It was working fine earlier i just deleted the old contents of file named_querylog and restarted bind now it is not writing logs to my named_querylog file
How did you delete file contents? What happens if you delete the file and restart bind? Is the file re-created by bind?
If you're running Debian, could be apparmor not allowing bind to write to the logfile


Balvinder87 08-01-2012 05:59 AM

I deleted the log file and restarted the bind but it is not creating the log file automatically also if we add a new file path to log file (channel portion) it is not logging to that file
what's the solution please reply asap its urgent

bathory 08-01-2012 08:58 AM

I'm not running debian but according to this, bind uses /etc/bind/named.conf.log to configure logging. So you may add your query logging there and see if it works


Balvinder87 08-02-2012 01:12 AM

Everything is ok because rndc status shows
version: 9.7.3
CPUs found: 2
worker threads: 2
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
what's wrong why its not writng the logs to named_query???

bathory 08-02-2012 04:10 AM

Did you try to use /etc/bind/named.conf.log for query logging?
Comment out the logging part from named.conf and just add:

category queries{ bind_log; };
in /etc/bind/named.conf.log and see if bind starts logging queries in /var/log/bind.log

Balvinder87 08-03-2012 01:39 AM

thanks for the reply got it working now :)

All times are GMT -5. The time now is 06:08 AM.