<h3>Option 1 – Quick and Dirty</h3>
You can quickly turn on query logging by typing the following into the server shell:
[code]rndc querylog[/code]
Then you can follow the information in the standard syslog.
[code]tail -f /var/log/syslog[/code]
You should see output like the following, letting you know that queries are now logged:
[code]Sep 14 22:23:20 ns01.companya.local named[7896]: query logging is now on[/code]
<h3>Option 2 – Full and Stored Logs</h3>
If you want to store full logs that you can go back to at a later date, you’ll need to make some changes to the BIND configuration.
Log on to your shell as usual, and type the following:
[code]nano /etc/bind/named.conf[/code]
Put in the following code at the bottom:
[code]logging {
    // Channel that writes to a dedicated file
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    // Send the "queries" category to that channel
    category queries { query.log; };
};[/code]
Now we need to create the log:
[code]touch /var/log/query.log[/code]
Make it writable by the BIND process:
[code]chown named:named /var/log/query.log[/code]
Restart BIND:
[code]service bind9 restart[/code]
And now you should be able to follow the queries as any other log:
[code]tail -f /var/log/query.log[/code]
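Once queries are being stored, the file can be summarized instead of only followed. The script below is an added example, not part of the original post: it parses query lines, counts queries per client and per record type, and flags ANY queries and unusually long labels for review. It assumes the usual BIND 9 line layout (`client IP#port (name): query: name class type flags`); the sample lines, addresses and the `max_label` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of a BIND 9 "queries" line; the optional parts cover the
# "@0x..." client token of newer releases and a "view NAME:" field.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): (?:view \S+: )?query: "
    r"(?P<name>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

# Constructed sample input (documentation addresses, not real traffic).
LONG_NAME = "a1b2c3d4" * 6 + ".t.example.net"
SAMPLE_LOG = [
    "client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A + (192.0.2.53)",
    "14-Sep-2024 22:23:20.123 client @0x7f3c2c0a1b20 192.0.2.10#40112 (mail.example.com): "
    "query: mail.example.com IN MX +E(0) (192.0.2.53)",
    "client 192.0.2.77#1025 (example.com): query: example.com IN ANY + (192.0.2.53)",
    "client 192.0.2.77#1026 (example.com): query: example.com IN ANY + (192.0.2.53)",
    f"client 198.51.100.4#60000 ({LONG_NAME}): query: {LONG_NAME} IN TXT + (192.0.2.53)",
    "named[7896]: query logging is now on",  # not a query line, must be skipped
]

def parse_line(line):
    """Return the fields of one query line as a dict, or None if it is not one."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines, max_label=40):
    """Count queries per client and per type; flag ANY queries and long labels.

    max_label is a hypothetical review threshold, not a BIND setting.
    """
    per_client, qtypes, flagged = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        per_client[rec["ip"]] += 1
        qtypes[rec["qtype"]] += 1
        longest = max(len(label) for label in rec["name"].rstrip(".").split("."))
        if rec["qtype"] == "ANY" or longest > max_label:
            flagged.append((rec["ip"], rec["name"], rec["qtype"]))
    return per_client, qtypes, flagged

if __name__ == "__main__":
    clients, types, flagged = summarize(SAMPLE_LOG)
    print("queries per client:", dict(clients))
    print("queries per type:  ", dict(types))
    for ip, name, qtype in flagged:
        print(f"review: {ip} asked {qtype} for {name}")
```

To run it against the stored log, pass `open("/var/log/query.log")` to `summarize()` in place of `SAMPLE_LOG`.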