我将bind9用作DNS服务器,并希望记录查询。默认的bind9日志看起来像
06-Dec-2018 19:02:27.857 starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -c /etc/bind/named.conf -g
06-Dec-2018 19:02:27.857 built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-zVMG3I/bind9-9.10.3.dfsg.P4=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
06-Dec-2018 19:02:27.858 ----------------------------------------------------
06-Dec-2018 19:02:27.858 BIND 9 is maintained by Internet Systems Consortium,
06-Dec-2018 19:02:27.858 Inc. (ISC), a non-profit 501(c)(3) public-benefit
06-Dec-2018 19:02:27.858 corporation. Support and training for BIND 9 are
06-Dec-2018 19:02:27.858 available at https://www.isc.org/support
06-Dec-2018 19:02:27.858 ----------------------------------------------------
06-Dec-2018 19:02:27.858 found 8 CPUs, using 8 worker threads
06-Dec-2018 19:02:27.858 using 4 UDP listeners per interface
06-Dec-2018 19:02:27.858 using up to 4096 sockets
06-Dec-2018 19:02:27.864 loading configuration from '/etc/bind/named.conf'
06-Dec-2018 19:02:28.775 reading built-in trusted keys from file '/etc/bind/bind.keys'
06-Dec-2018 19:02:28.775 initializing GeoIP Country (IPv4) (type 1) DB
06-Dec-2018 19:02:28.775 GEO-106FREE 20170512 Bu
06-Dec-2018 19:02:28.775 initializing GeoIP Country (IPv6) (type 12) DB
06-Dec-2018 19:02:28.776 GEO-106FREE 20170512 Bu
06-Dec-2018 19:02:28.776 GeoIP City (IPv4) (type 2) DB not available
06-Dec-2018 19:02:28.776 GeoIP City (IPv4) (type 6) DB not available
06-Dec-2018 19:02:28.776 GeoIP City (IPv6) (type 30) DB not available
06-Dec-2018 19:02:28.776 GeoIP City (IPv6) (type 31) DB not available
06-Dec-2018 19:02:28.776 GeoIP Region (type 3) DB not available
06-Dec-2018 19:02:28.776 GeoIP Region (type 7) DB not available
06-Dec-2018 19:02:28.776 GeoIP ISP (type 4) DB not available
06-Dec-2018 19:02:28.776 GeoIP Org (type 5) DB not available
06-Dec-2018 19:02:28.776 GeoIP AS (type 9) DB not available
06-Dec-2018 19:02:28.776 GeoIP Domain (type 11) DB not available
06-Dec-2018 19:02:28.776 GeoIP NetSpeed (type 10) DB not available
06-Dec-2018 19:02:28.776 using default UDP/IPv4 port range: [32768, 60999]
06-Dec-2018 19:02:28.776 using default UDP/IPv6 port range: [32768, 60999]
06-Dec-2018 19:02:28.777 listening on IPv6 interfaces, port 53
06-Dec-2018 19:02:28.796 binding TCP socket: address in use
06-Dec-2018 19:02:28.797 listening on IPv4 interface Policy, 10.254.0.31#53
06-Dec-2018 19:02:28.799 listening on IPv4 interface Ustcnet, 10.38.95.82#53
06-Dec-2018 19:02:28.801 could not open file '//run/named/named.pid': Permission denied
06-Dec-2018 19:02:28.801 generating session key for dynamic DNS
06-Dec-2018 19:02:28.801 could not open file '//run/named/session.key': Permission denied
06-Dec-2018 19:02:28.801 could not create //run/named/session.key
06-Dec-2018 19:02:28.801 failed to generate session key for dynamic DNS: permission denied
06-Dec-2018 19:02:28.803 sizing zone task pool based on 52141 zones
06-Dec-2018 19:02:29.055 set up managed keys zone for view _default, file 'managed-keys.bind'
06-Dec-2018 19:02:29.062 configuring command channel from '/etc/bind/rndc.key'
06-Dec-2018 19:02:29.062 command channel listening on 127.0.0.1#953
06-Dec-2018 19:02:29.062 configuring command channel from '/etc/bind/rndc.key'
06-Dec-2018 19:02:29.062 command channel listening on ::1#953
06-Dec-2018 19:02:29.062 not using config file logging statement for logging due to -g option
06-Dec-2018 19:02:29.147 managed-keys-zone: loaded serial 0
06-Dec-2018 19:02:29.147 zone 0.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 19:02:29.148 zone 127.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 19:02:29.148 zone 255.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 19:02:29.148 zone localhost/IN: loaded serial 2
06-Dec-2018 19:02:29.149 (re)loading policy zone 'rpz' changed from 0 to 69 qname, 0 to 0 nsdname, 0 to 0 IP, 0 to 0 NSIP, 0 to 0 CLIENTIP entries
06-Dec-2018 19:02:29.149 zone rpz/IN: loaded serial 0
06-Dec-2018 19:02:29.149 all zones loaded
06-Dec-2018 19:02:29.149 running
在使用-g选项时输出到stderr。但是,当我写
logging {
channel queries_log {
file "/var/log/query.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
channel default_syslog {
print-time yes;
print-category yes;
print-severity yes;
stderr;
severity info;
};
category queries { queries_log; };
category default { default_syslog; };
category security { default_syslog; };
category update { default_syslog; };
category update-security { default_syslog; };
};
在我的绑定配置文件中,并使用选项-f而不是-g,日志显示为
06-Dec-2018 18:10:01.488 general: info: managed-keys-zone: loaded serial 0
06-Dec-2018 18:10:01.488 general: info: zone 0.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 18:10:01.489 general: info: zone 127.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 18:10:01.489 general: info: zone 255.in-addr.arpa/IN: loaded serial 1
06-Dec-2018 18:10:01.489 rpz: info: (re)loading policy zone 'rpz' changed from 0 to 69 qname, 0 to 0 nsdname, 0 to 0 IP, 0 to 0 NSIP, 0 to 0 CLIENTIP entries
06-Dec-2018 18:10:01.489 general: info: zone rpz/IN: loaded serial 0
06-Dec-2018 18:10:01.490 general: info: zone localhost/IN: loaded serial 2
06-Dec-2018 18:10:01.490 general: notice: all zones loaded
06-Dec-2018 18:10:01.490 general: notice: running
那么,像上一个一样输出到stderr的bind9的“默认”日志配置是什么?我的目的是通过使用-g选项和使用独立的query.log来登录stderr来记录查询。