Introduction
This guide will walk you through the steps to activate DNS query logs, allowing you to gain detailed insights into DNS queries within your network.
Using the ucr command or directly editing the ‘/etc/bind/named.conf’ file(s) doesn’t readily facilitate this process, as the config files might get overwritten during an update. Currently, we can only suggest modifying the relevant template file that generates the ‘named.conf’ file, ensuring that your changes persist even after updates.
Steps
-
1. First of all, you should check which DNS backend is being used:
ucr get dns/backend
If ucr shows ‘ldap’, edit /etc/univention/templates/files/etc/bind/named.conf.proxy
If it shows ‘samba4’, edit /etc/univention/templates/files/etc/bind/named.conf.samba4. -
2. Please create a backup beforehand to be on the safe side:
cd /etc/univention/templates/files/etc/bind/-
cp named.conf.proxy named.conf.proxy.bak
or if your backend is samba4: cp named.conf.samba4 named.conf.samba4.bak
-
3. In the corresponding named.conf file, you must now expand the arrays
optionsandlogging. Here we use the samba4 backend and therefore thenamed.conf.samba4file. In the arrayoptionswe addquerylog yes;and in theloggingarray we add another array calledchannel querylogwith some options likeseverity.
options {
querylog yes;
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
listen-on { any; };
@!@
...
...
...
logging {
category default{ default_syslog; };
channel default_syslog {
syslog daemon; # send to syslog's daemon facility
severity dynamic; # log at the server's current debug level
};
channel querylog {
file "/var/log/querylog";
print-time yes;
severity info;
};
category queries { querylog; };
};
-
4. Commit the changes from the template to the actual config file:
ucr commit /etc/bind/named.conf.samba4
-
5. Now you need to restart the bind9 service to read in the new config file:
systemctl restart bind9