Open Source Software and Linux

Nov 2 2008   3:34AM GMT

Logging for BIND in a chroot environment

John Little Profile: Xjlittle

Today while setting up a new BIND server I decided that it might be a good time to start using the chroot-bind package in a chroot environment. This presented a set of challenges that I wasn’t quite expecting. While they weren’t difficult to sort out I thought that i might help you save some time.

The first question that popped up was where do I put the configuration and log files. Since we are in a chrooted environment they go under the var and etc files below the chroot. For CentOS this is /var/named/chroot/{var,named}. Don’t let this get you confused when you put in the path in the files in the named.conf. In the named.conf it will start as normal in the var and etc directories. Just remember that it is referring to those directories under /var/named/chroot and not under /etc/ and /var/named. Those are the places that you would expect to see them in a non chroot environment.

options {
directory "/var/named/pz"; ##This path starts under /var named/chroot/

After sorting this out and getting my server running I noticed that I was not getting any logging for my BIND server. BIND, when installed in a typical environment, places it’s logs in /var/log/messages by default. Setting up logs in the chroot environment requires a stanza for logging be set up in named.conf. You will also need to specify what you want to log as well as the severity level. There is a default variable that will give you all logging except for query. You will need to set up logging for queries separately in a separate stanza.

Following is an example of what my finished logging stanza’s are in named.conf:

# Logging Configuration
#
logging {
#
# Define channels for the two log files
#
channel query_log {
severity info;
print-time yes;
file "/var/log/query.log" versions 3 size 100M;
};
category query {
query_log;
};
channel default_log {
severity info;
print-time yes;
print-category yes;
print-severity yes;
file "/var/log/activity.log" versions 3 size 100M;
};
category default {
default_log;
};
};

Notice that you have a primary logging stanza. Under this you enter whatever you want to call your channel stanza. This is where you enter the severity to log along with various other options. Under this is place the category log which defines whatever is it that your logging. In mine I am logging the default and queries. Also notice the “file” paths in the channel stanza. Again this is the var that starts under /var/named/chroot and not the typical /var/log. The logs are created whenever you start BIND.

You can read more about the logging syntax and available entries by reading the file /usr/share/doc/bind-9.3.4/arm/Bv9ARM.ch06.html. Scroll down until you find the section titled “logging Statement Grammar” and start reading from there. The quickest and easiest way to read this is with a text only browser such as elinks.

Enjoy your new secure BIND server!

-j

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: