Bind logging stopped writing to file
 

bind9 logging stopped writing logs to my configured file
/var/log/named_query
my sample log entry in the file was
31-Jul-2012 10:38:30.897 client 192.168.2.4#42007: query: pt200204.unica.com IN A + (192.168.2.4

- Is the BIND process running?
- Can the process be restarted and does it keep running?
- If not restartable or running: what do the log files show?
- If the process did run OK beforehand: what did you reconfigure or change wrt BIND and or Syslog?

*BTW please stop creating threads by default in the Linux Security forum if it is not a Linux Security issue,
thanks in advance.

Hi,

Do you have query logging enabled in named.conf? By default it's disabled due to the amount of data it writes in the logfile. Anyway, what gives:
You can use:
to enable query logging temporarily, or see this to enable it permanently (not recommended due to the volume of logs it writes)

Regards

@all
BIND is up and running
Query logging is ON and working
It was working fine earlier i just deleted the old contents of file named_querylog and restarted bind now it is not writing logs to my named_querylog file
My named.conf is as follows
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 100M;
print-time yes; // timestamp log entries
};

category queries {
query_logging;
};
};
~
~
~

How did you delete file contents? What happens if you delete the file and restart bind? Is the file re-created by bind?
If you're running Debian, could be apparmor not allowing bind to write to the logfile

Regards

I deleted the log file and restarted the bind but it is not creating the log file automatically also if we add a new file path to log file (channel portion) it is not logging to that file
what's the solution please reply asap its urgent
thanks

I'm not running debian but according to this, bind uses /etc/bind/named.conf.log to configure logging. So you may add your query logging there and see if it works

Regards

Everything is ok because rndc status shows
version: 9.7.3
CPUs found: 2
worker threads: 2
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
what's wrong why its not writng the logs to named_query???

Did you try to use /etc/bind/named.conf.log for query logging?
Comment out the logging part from named.conf and just add:
in /etc/bind/named.conf.log and see if bind starts logging queries in /var/log/bind.log

thanks for the reply got it working now :)