How to enable query logging in BIND

Execute the following command to determine query logging status.

$ sudo rndc status
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

Enable query logging.

$ sudo rndc querylog

Execute the following command to see the difference.

$ sudo rndc status
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

Now you can inspect executed queries.

$ sudo tail -f /var/log/messages
Feb 27 15:12:27 srv named[8978]: client 1.2.2.3#56853: query: meta.wikimedia.org IN AAAA +
Feb 27 15:12:27 srv named[8978]: client 1.1.1.2#38595: query: a1470.g.akamai.net IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: www.allegro.pl IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: allegro.by IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: aukro.bg IN A +E

Disable query logging.

$ sudo rndc querylog
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system. He is also open for new opportunities and challenges.

Gdansk, Poland https://sleeplessbeastie.eu