Original post:
https://blog.xuite.net/tolarku/blog/161082737-DNS+Server+%E9%96%8B%E5%95%9F+Log+%E8%A8%98%E9%8C%84%E6%AA%94+-+BIND
Configuration changes
[popexizhi: the log categorization in this configuration is already quite complete; for the details see
https://blog.csdn.net/zhu_tianwei/article/details/45103455
Section 1, "logging syntax definition", explains it clearly :)
]
When you need to look up DNS query records, you have to add a logging section to the configuration. Of the four channels below, you do not have to use all of them.
logging
{
    channel default-log {
        file "/var/log/named_default.log" versions 10 size 200m;
        severity info;
        print-time yes;
    };
    channel lamer-log {
        file "/var/log/named_lamer.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    channel query-log {
        file "/var/log/named_query.log" versions 10 size 1000m;
        severity info;
        print-time yes;
    };
    channel security-log {
        file "/var/log/named_security.log" versions 3 size 100m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category lame-servers { lamer-log; };
    category security { security-log; };
    category queries { query-log; };
    category default { default-log; };
};
The log categories used here are:
> lamer records lookups that could not be resolved through this DNS server
18-Nov-2013 09:53:04.277 lame-servers: info: FORMERR resolving 'ib.sin1.geoadnxs.com/AAAA/IN': 64.208.141.11#53
> security records denied access and similar events
18-Nov-2013 09:53:35.097 security: info: client 1.160.178.176#63736: query (cache) 'imgcdn.ptvcdn.net/A/IN' denied
> default records BIND startup messages and zone transfer status
18-Nov-2013 13:05:31.862 client 140.156.116.37#49152: update 'ntu.edu.tw/IN' denied
> query records every query that clients send through this DNS server
18-Nov-2013 09:52:59.137 client 140.156.16.199#61234: query: bbcore.cloudapp.net IN A +
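The query, security and default samples above follow fixed formats, so they can be summarized per client for monitoring. The following script is an added example, not part of the original post; it parses constructed lines in those formats and flags clients whose denied queries reach a threshold (the threshold value is an assumption).

```python
import re
from collections import Counter

# Constructed sample lines in the formats shown on the page (not real traffic).
SAMPLE_LOG = """\
18-Nov-2013 09:52:59.137 client 140.156.16.199#61234: query: bbcore.cloudapp.net IN A +
18-Nov-2013 09:53:00.201 client 140.156.16.199#61235: query: example.com IN AAAA +
18-Nov-2013 09:53:35.097 security: info: client 1.160.178.176#63736: query (cache) 'imgcdn.ptvcdn.net/A/IN' denied
18-Nov-2013 09:53:36.010 security: info: client 1.160.178.176#63737: query (cache) 'example.org/A/IN' denied
18-Nov-2013 09:53:37.120 security: info: client 1.160.178.176#63738: query (cache) 'example.net/MX/IN' denied
18-Nov-2013 13:05:31.862 client 140.156.116.37#49152: update 'ntu.edu.tw/IN' denied
18-Nov-2013 09:53:04.277 lame-servers: info: FORMERR resolving 'ib.sin1.geoadnxs.com/AAAA/IN': 64.208.141.11#53
"""

TS = r"^(?P<ts>\d{2}-\w{3}-\d{4} [\d:.]+) "  # print-time prefix
RE_QUERY = re.compile(TS + r"client (?P<ip>[^#\s]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)")
RE_QUERY_DENIED = re.compile(TS + r"security: \w+: client (?P<ip>[^#\s]+)#\d+: "
                             r"query \(cache\) '(?P<name>[^/']+)/(?P<type>[^/']+)/IN' denied")
RE_UPDATE_DENIED = re.compile(TS + r"client (?P<ip>[^#\s]+)#\d+: update '(?P<zone>[^']+)' denied")

def parse_line(line):
    """Classify one BIND log line; returns a dict, or None for unknown formats."""
    for kind, rx in (("query_denied", RE_QUERY_DENIED),
                     ("update_denied", RE_UPDATE_DENIED),
                     ("query", RE_QUERY)):
        m = rx.match(line)
        if m:
            return {"kind": kind, **m.groupdict()}
    return None

def summarize(log_text, deny_threshold=3):
    """Count events per client IP and flag clients at or above the denial threshold."""
    queries, denied, update_denied = Counter(), Counter(), Counter()
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # e.g. lame-servers lines, not handled here
        elif rec["kind"] == "query":
            queries[rec["ip"]] += 1
        elif rec["kind"] == "query_denied":
            denied[rec["ip"]] += 1
        else:
            update_denied[rec["ip"]] += 1
    flagged = sorted(ip for ip, n in denied.items() if n >= deny_threshold)
    return {"queries": queries, "denied": denied, "update_denied": update_denied,
            "flagged": flagged, "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```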
Description of the channel attributes
>> size: the maximum size of one log file
>> severity: the log level captured
>> print-severity: whether to print the log level
>> print-category: whether to print the log category
>> print-time: whether to print the date and time of each entry
After editing /etc/named.conf you only need to reload the configuration; you can use
sudo /etc/init.d/named restart
Permission issues
[popexizhi:
I did not pay attention to the selinux permission problem the original post mentions, which was a real trap, and later I ran into it myself anyway
]
If you see 「DNS named[1864]: unable to rename log file '/var/log/named/query-log' to '/var/log/named/query-log.0': permission denied」, the files still cannot be written even after chmod 777, and running 「chcon」 gives:
# sudo chcon -R system_u:object_r:named_cache_t /var/named/chroot/var/log/named/
chcon: failed to change context of ‘default-log’ to ‘system_u:object_r:named_cache_t’: 不適用的引數
chcon: failed to change context of ‘security-log’ to ‘system_u:object_r:named_cache_t’: 不適用的引數
then there is no doubt: it is an selinux permission problem. The fix is:
sudo service named stop
sudo chcon -R system_u:object_r:named_cache_t /var/named/chroot/var/log/named/
sudo service named start
The problem is that named holds these log files open, so you have to stop named before the selinux context of the files can be changed.
If that still does not work, turn selinux off, make the change, then turn it back on:
setenforce 0
sudo chcon -R system_u:object_r:named_cache_t /var/named/chroot/var/log/named/
setenforce 1