How to configure BIND (named) logging on CentOS 7

1. Edit the BIND configuration file

Open named.conf, the BIND (named) configuration file. It is normally located at /etc/named.conf.

sudo vim /etc/named.conf

2. Add logging options

Add a logging statement to named.conf, setting the log file path and the log level.

A simple example follows.

logging {
    channel default_file {
        file "/var/log/named/named.log"; # log file path
        severity dynamic; # log level (dynamic follows the server's current debug level)
        print-time yes; # write a timestamp on each log entry
    };
    category default { default_file; };
};

This example sets the log file path to /var/log/named/named.log, sets the log level to dynamic, and includes a timestamp in each log entry.

3. Create the log directory

Create the directory that will hold the log files.

sudo mkdir -p /var/log/named
sudo chown named:named /var/log/named

4. Restart the named service

Restart the BIND (named) service to apply the configuration.

sudo systemctl restart named

5. Check the logs

Once logging is configured, BIND (named) writes its logs to /var/log/named/named.log or to the path you specified. Check that file to monitor BIND (named) activity.

Configuring BIND logging in a test environment

Test environment

$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

Edit named.conf

sudo vim /etc/named.conf
options {
        listen-on port 53 { any; };
        ...
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

/*
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
*/

include "/etc/named.logging.conf";

zone "." IN {
        type hint;
        file "named.ca";
};
...

Create the log directory

sudo mkdir -p /var/named/log
sudo chown named:named /var/named/log

Create named.logging.conf

sudo vim /etc/named.logging.conf
logging {
        channel "syslog_local2" {
                // Syslog channel (facility local2); not referenced by any category below.
                syslog local2;
                severity debug;
        };
        channel "default_syslog" {
                file "log/default.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "general_syslog" {
                file "log/general.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "database_syslog" {
                file "log/database.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "security_syslog" {
                file "log/security.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "config_syslog" {
                file "log/config.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "resolver_syslog" {
                file "log/resolver.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "xfer-in_syslog" {
                file "log/xfer-in.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "xfer-out_syslog" {
                file "log/xfer-out.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "notify_syslog" {
                file "log/notify.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "client_syslog" {
                file "log/client.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "unmatched_syslog" {
                file "log/unmatched.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "network_syslog" {
                file "log/network.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "update_syslog" {
                file "log/update.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "update_security_syslog" {
                file "log/update_security.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "queries_syslog" {
                file "log/queries.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "dispatch_syslog" {
                file "log/dispatch.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "dnssec_syslog" {
                file "log/dnssec.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "lame-servers_syslog" {
                file "log/lame-servers.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel "delegation-only_syslog" {
                file "log/delegation-only.log" versions 3 size 20m;
                severity debug;
                print-category yes;
                print-severity yes;
                print-time yes;
        };

        category default { default_syslog; };
        category general { general_syslog; };
        category database { database_syslog; };
        category security { security_syslog; };
        category config { config_syslog; };
        category resolver { resolver_syslog; };
        category xfer-in { xfer-in_syslog; };
        category xfer-out { xfer-out_syslog; };
        category notify { notify_syslog; };
        category client { client_syslog; };
        category unmatched { unmatched_syslog; };
        category network { network_syslog; };
        category update { update_syslog; };
        category update-security { update_security_syslog; };
        category queries { queries_syslog; };
        category dispatch { dispatch_syslog; };
        category dnssec { dnssec_syslog; };
        category lame-servers { lame-servers_syslog; };
        category delegation-only { delegation-only_syslog; };
};
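
An added example, not part of the original page: a small lint pass for a long, repetitive logging block like the one above, reporting channel names defined more than once, categories that point at an undefined channel, and channels no category uses. The regex-based parsing and the constructed sample block are assumptions made for illustration; this is not a full named.conf parser.

```python
import re
from collections import Counter

# Channels BIND predefines; a category may use them without a definition.
BUILTIN = {"default_syslog", "default_debug", "default_stderr", "null"}

# Keep quoted strings, drop /* */, // and # comments.
STRIP_RE = re.compile(r'("[^"\n]*")|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
CHANNEL_RE = re.compile(r'\bchannel\s+"?([\w-]+)"?\s*\{')
CATEGORY_RE = re.compile(r'\bcategory\s+"?([\w-]+)"?\s*\{([^}]*)\}')

# Constructed sample modelled on the block above, with three seeded mistakes.
SAMPLE = '''
logging {
        channel "default_syslog" {
                syslog local2;    // first definition
        };
        channel "default_syslog" {
                file "log/default.log" versions 3 size 20m;
        };
        channel "queries_syslog" {
                file "log/queries.log" versions 3 size 20m;
        };
        category default { default_syslog; };
        category queries { querys_syslog; };
        category lame-servers { null; };
};
'''

def lint_logging(conf_text):
    """Return sorted findings: duplicate, undefined and unused channels."""
    text = STRIP_RE.sub(lambda m: m.group(1) or " ", conf_text)
    defined = Counter(CHANNEL_RE.findall(text))
    findings = [f"channel {name!r} defined {count} times"
                for name, count in defined.items() if count > 1]
    used = set()
    for category, body in CATEGORY_RE.findall(text):
        for channel in re.findall(r'"?([\w-]+)"?\s*;', body):
            used.add(channel)
            if channel not in defined and channel not in BUILTIN:
                findings.append(
                    f"category {category!r} uses undefined channel {channel!r}")
    findings += [f"channel {name!r} is never used by a category"
                 for name in defined if name not in used]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_logging(SAMPLE)))
```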

Check the syntax of named.conf and the zone files

named-checkconf -z
$ named-checkconf -z
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0

Reload with rndc

rndc reload
$ rndc reload
server reload successful

Enable the query log

rndc querylog on

(or)

Restart the named service

sudo systemctl restart named

Check the logs

$ ls -l /var/named/log/
total 212
-rw-r--r-- 1 named named      0 Oct 24 13:02 client.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 config.log
-rw-r--r-- 1 named named   1844 Oct 24 13:05 database.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 default.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 delegation-only.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 dispatch.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 dnssec.log
-rw-r--r-- 1 named named 161202 Oct 24 13:05 general.log
-rw-r--r-- 1 named named   4175 Oct 24 13:05 lame-servers.log
-rw-r--r-- 1 named named    233 Oct 24 13:05 network.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 notify.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 queries.log
-rw-r--r-- 1 named named    249 Oct 24 13:05 resolver.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 security.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 unmatched.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 update.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 update_security.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 xfer-in.log
-rw-r--r-- 1 named named      0 Oct 24 13:02 xfer-out.log

Check whether query logging is enabled

rndc status | egrep "query logging is"
$ rndc status | egrep "query logging is"
query logging is ON

View the query log (querylog)

tail -f /var/named/log/queries.log
$ tail -f /var/named/log/queries.log
24-Oct-2023 13:10:17.712 queries: info: client @0x7fb32c055d90 127.0.0.1#46547 (naver.com): query: naver.com IN A +E(0) (127.0.0.1)
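
An added example, not from the original post: a parser for the query-log line format shown above that decodes the flag field and summarizes queries per client. Only the first sample line comes from the page; the other lines and their addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of a "queries" line with print-time, print-category and print-severity on.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: (?P<severity>\w+): '
    r'client (?:@0x[0-9a-f]+ )?(?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): '
    r'query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) '
    r'(?P<flags>[+-]\S*) \((?P<server>[^)]+)\)$')
# Flag field: +/- recursion desired, S signed, E(n) EDNS version, T TCP, D DO bit.
FLAGS_RE = re.compile(r'^(?P<rd>[+-])S?(?:E\((?P<edns>\d+)\))?(?P<tcp>T?)(?P<do>D?)')

# First line is the one shown on the page; the rest are constructed samples.
SAMPLE = [
    "24-Oct-2023 13:10:17.712 queries: info: client @0x7fb32c055d90 127.0.0.1#46547 (naver.com): query: naver.com IN A +E(0) (127.0.0.1)",
    "24-Oct-2023 13:10:18.001 queries: info: client @0x7fb32c055d90 192.0.2.10#53311 (example.com): query: example.com IN AAAA +E(0)TD (192.0.2.53)",
    "24-Oct-2023 13:10:18.250 queries: info: client 192.0.2.10#40000 (WWW.example.com): query: WWW.example.com IN A - (192.0.2.53)",
    "24-Oct-2023 13:10:19.000 general: info: reloading configuration succeeded",
]

def parse_query_line(line):
    """Return a dict for one query-log line, or None if it is not a query record."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    flags = FLAGS_RE.match(rec["flags"])
    rec["recursion_desired"] = flags["rd"] == "+"
    rec["edns_version"] = int(flags["edns"]) if flags["edns"] else None
    rec["tcp"] = bool(flags["tcp"])
    rec["dnssec_ok"] = bool(flags["do"])
    return rec

def summarize(lines):
    """Per client address: query count plus the distinct names and types asked for."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "types": set()})
    for rec in filter(None, map(parse_query_line, lines)):
        entry = stats[rec["client"]]
        entry["queries"] += 1
        entry["names"].add(rec["qname"].lower())
        entry["types"].add(rec["qtype"])
    return dict(stats)

if __name__ == "__main__":
    for client, entry in sorted(summarize(SAMPLE).items()):
        print(client, entry["queries"], sorted(entry["names"]), sorted(entry["types"]))
```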

 

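Logging helps you trace the behavior of BIND (named) and diagnose problems. Adjust the log level or change the log file path as needed. Query logs record client addresses and the names they look up, and the listing above shows the files created world-readable (-rw-r--r--), so check who can read the log directory.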
