How to enable query logging in BIND

Check out query logging status by executing command:

# rndc status
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

To enable query logging exwcute rndc querylog command:

# rndc querylog

Execute rndc status command to see the difference:

# rndc status
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

Now you can view queries:

# tail -f /var/log/messages
Feb 27 15:12:27 srv named[8978]: client 1.2.2.3#56853: query: meta.wikimedia.org IN AAAA +
Feb 27 15:12:27 srv named[8978]: client 1.1.1.2#38595: query: a1470.g.akamai.net IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: www.allegro.pl IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: allegro.by IN A +E
Feb 27 15:12:28 srv named[8978]: client 1.1.1.2#38595: query: aukro.bg IN A +E

To disable it execute command again.

# rndc querylog
Milosz Galazka's Picture

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.

Gdansk, Poland https://sleeplessbeastie.eu