I would like to examine the responses from named in the logs, not just the queries, but I cannot find a way to log them. Any suggestions on a: how to log the answers to queries b: what is wrong here
I prefer to use syslog to log things from named. Here's what I use in my named.conf:
Note that I don't run at severity debug, but I figure you'll want to. The category query line seems to be what you're after, but the whole thing won't hurt.
logging { channel "default_syslog" { syslog local6; severity debug; };
category default { default_syslog; }; category general { default_syslog; }; category config { default_syslog; }; category security { default_syslog; }; category resolver { default_syslog; }; category xfer-in { default_syslog; }; category xfer-out { default_syslog; }; category notify { default_syslog; }; category client { default_syslog; }; category network { default_syslog; }; category update { default_syslog; }; category queries { default_syslog; }; category lame-servers { default_syslog; }; };
Then in /etc/syslog.conf local6.* /var/log/named.log
If you want to keep the crap out of /var/log/messages, just append 'local6.none' to the definition for /var/log/messages.
If you're going to be running this for any length of time, you may want to consider logrotate.
Drop this in /etc/logrotate.d/named
/var/log/named.log { missingok create 0644 named named postrotate /sbin/service named reload 2> /dev/null > /dev/null || true endscript }
Then restart bind and the logging you've messed with and you should be all set.
-- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety'' Benjamin Franklin 1775