Finding Out Whos Querying a Name Server

Finding Out Who s Querying a Name Server

5.13.1 Problem

You want to find out which resolvers and name servers are querying a name server.

5.13.2 Solution

For BIND 9, turn on query logging with:

# rndc querylog

Or, for BIND 8:

# ndc querylog

Then examine the name server's syslog output. The name server will log a one-line message each time it receives a query. For BIND 9, the messages look like this:

May 4 22:45:14 ns1 named[80090]: client 192.168.0.99#3261: query: www.foo.example IN A

This tells us that our name server received a query from the client at 192.168.0.99, port 3261, for A records attached to www.foo.example in the Internet class.

On a BIND 8 name server, the messages look like this:

May 4 22:53:52 ns1 named[80323]: XX+/192.168.0.99/www.foo.example/A/IN

Most of the same information is there, but in a slightly different format: the address the query was received from, the domain name the query asked about, the type of query, and the class of query, separated by slashes. The "XX+" at the beginning indicates that it is a recursive query. Nonrecursive queries show just "XX."

5.13.3 Discussion

Query logging can come in handy if you're trying to track down a problem. However, it generates a lot of output -- quickly, on a busy name server -- so it's probably a bad idea to use all the time. If you're really just interested in how many queries the name server receives, use the name server's statistics instead (Recipes Section 5.14 and Section 5.15).

You can also turn on query logging by assigning the logging category queries to a particular channel. See Recipe Section 10.4 for details.

There's no indication in the BIND 9 query logging output of which queries were recursive and which not.

5.13.4 See Also

Recipes Section 5.14 and Section 5.15, for measuring the queries a name server receives, and Section 10.4, for sending one category of messages to a particular file.

Getting Started

Zone Data

BIND Name Server Configuration

Electronic Mail

BIND Name Server Operations

Delegation and Registration

Security

Interoperability and Upgrading

Resolvers and Programming

Logging and Troubleshooting

IPv6



DNS & BIND Cookbook
DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net