Enabling this is not recommended, as it reduces server performance.
[root@localhost named]# vim /etc/named.conf
options {
    directory "/var/named";
    allow-recursion { innet; };
    querylog yes;    // adding this one line to options is all that is needed
};
[root@localhost named]# dig -t A www.mylinux.com
[root@localhost named]# tail /var/log/messages
......
Jul 10 20:16:04 localhost named[1892]: running
Jul 10 20:16:18 localhost named[1892]: client 192.168.10.2#43492: view telecom: query: www.mylinux.com IN A + (192.168.10.2)
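category: the log source
    queries
    zone transfers
    The log source can be customized with category.
channel: where the log is saved
    syslog
    file: a custom file in which the log messages are saved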
[root@localhost named]# vim /etc/named.conf
acl innet {
    127.0.0.0/8;
    192.168.10.0/24;
};
options {
    directory "/var/named";
    allow-recursion { innet; };
};
logging {
    channel query_log {    // define a channel named query_log
        file "/var/log/named/bind_query.log" versions 5 ;
        severity dynamic;
        print-time yes;
    };
    category queries { query_log; };    // all log messages of category queries are saved to query_log
    channel xfer_log {    // define a channel named xfer_log
        file "/var/log/named/transfer.log" versions 5 size 10M;
        severity debug 3;
        print-time yes;
    };
    category xfer-out { xfer_log; };    // all log messages of category xfer-out (outgoing transfers) are saved to xfer_log
};
......
[root@localhost log]# mkdir /var/log/named
[root@localhost log]# cd /var/log
[root@localhost log]# chown named:named named
The queryperf tool
[root@localhost perftcpdns]# yum install gcc make
Go into the BIND source package:
/tmp/bind-9.10.4-P1/contrib/queryperf
[root@localhost perftcpdns]# ./configure
[root@localhost ~]# make
[root@localhost queryperf]# cp queryperf /bin/    # copy the queryperf command into /bin
queryperf -h shows the options
-d    specifies the file of queries
Create a file and write the queries to run into it.
[root@localhost ~]# vim test
www.mylinux.com A
mylinux.com NS
mylinux.com MX
.....
[root@localhost ~]# queryperf -d test -s 192.168.10.2
[root@localhost ~]# wc -l /var/log/named/bind_query.log    # count how many queries were logged
5250 /var/log/named/bind_query.log
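wc -l only gives the total number of logged lines. As an added example (not part of the original page), the following Python code parses query lines in the format shown in the log excerpt above and tallies them per client, record type and name. The function names, the 0.5 share threshold and all sample lines other than the two taken from the page are assumptions made for illustration.

```python
import re
from collections import Counter

# search() skips whatever precedes "client" (syslog header or print-time stamp).
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: "            # some BIND versions repeat the qname here
    r"(?:view (?P<view>\S+): )?"    # only present when views are configured
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line):
    """Return the fields of one query log line, or None for other messages."""
    m = QUERY_RE.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Tally queries per client, record type and (case-folded) name."""
    out = {"clients": Counter(), "qtypes": Counter(), "names": Counter(), "skipped": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out["skipped"] += 1     # e.g. "running" or other non-query messages
            continue
        out["clients"][rec["ip"]] += 1
        out["qtypes"][rec["qtype"]] += 1
        out["names"][rec["qname"].lower().rstrip(".")] += 1
    return out

def heavy_clients(summary, share=0.5):
    """Clients responsible for at least `share` of all parsed queries."""
    total = sum(summary["clients"].values())
    return sorted(ip for ip, n in summary["clients"].items() if total and n / total >= share)

# Constructed sample: the first and last lines are from the page, the rest are made up.
SAMPLE = [
    "Jul 10 20:16:18 localhost named[1892]: client 192.168.10.2#43492: view telecom: query: www.mylinux.com IN A + (192.168.10.2)",
    "10-Jul-2016 20:16:19.001 client 192.168.10.2#43493: view telecom: query: mylinux.com IN NS + (192.168.10.2)",
    "10-Jul-2016 20:16:19.002 client 192.168.10.2#43494: view telecom: query: mylinux.com IN MX + (192.168.10.2)",
    "10-Jul-2016 20:16:20.150 client 127.0.0.1#51000 (WWW.mylinux.com): query: WWW.mylinux.com IN A +E (127.0.0.1)",
    "Jul 10 20:16:04 localhost named[1892]: running",
]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["clients"].most_common(), dict(s["qtypes"]), "skipped:", s["skipped"])
    print("heavy clients:", heavy_clients(s))
```

To run it against the real log, pass an open file instead of SAMPLE, for example summarize(open("/var/log/named/bind_query.log")).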
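The dnstop packet capture tool
It is installed the same way: download the dnstop package.
The libpcap-devel package needs to be installed.
dnstop -4 -Q -R eth0    -4 specifies IPv4, -Q records the number of queries, -R records the number of responses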