Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1142940
  • 博文数量: 168
  • 博客积分: 4445
  • 博客等级: 上校
  • 技术积分: 1307
  • 用 户 组: 普通用户
  • 注册时间: 2005-11-02 14:04
文章分类

全部博文(168)

文章存档

2018年(2)

2017年(5)

2016年(7)

2015年(1)

2014年(8)

2013年(1)

2012年(4)

2011年(54)

2010年(8)

2009年(19)

2008年(18)

2007年(36)

2006年(1)

2005年(4)

分类: 系统运维

2010-11-06 16:20:19

Bind 9 日志记录用户请求域名解析,不知道对不对,但是日志结果记录了用户请求的域名、用户的IP地址、用户请求的时间,日志结果:
((((((06-Nov-2010 15:57:18.639 security: client 192.168.1.188#59500: view edu: request is not signed
06-Nov-2010 15:57:18.639 security: client 192.168.1.188#59500: view edu: recursion available
06-Nov-2010 15:57:18.639 security: client 192.168.1.188#59500: view edu: query (cache) '' approved
06-Nov-2010 15:57:20.640 security: client 192.168.1.188#59501: view edu: request is not signed
06-Nov-2010 15:57:20.640 security: client 192.168.1.188#59501: view edu: recursion available
06-Nov-2010 15:57:20.640 security: client 192.168.1.188#59501: view edu: query (cache) '' approved
06-Nov-2010 15:57:20.977 security: client 192.168.1.188#59502: view edu: request is not signed
06-Nov-2010 15:57:20.977 security: client 192.168.1.188#59502: view edu: recursion available
06-Nov-2010 15:57:20.977 security: client 192.168.1.188#59502: view edu: query (cache) '' approved
06-Nov-2010 15:57:20.978 security: client 192.168.1.188#59503: view edu: request is not signed
06-Nov-2010 15:57:20.978 security: client 192.168.1.188#59503: view edu: recursion available
06-Nov-2010 15:57:20.978 security: client 192.168.1.188#59503: view edu: query (cache) '' approved

))))))




关于日志选项配置:

# more /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
logging {
    channel query_log {
        file "query.log" versions 4 size 20m;
        severity debug 3;
        print-time yes;
        print-category yes;
    };
    category security {
        query_log;
    };
};
阅读(7023) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~