I rebuilt my server and set up BIND to log queries in a chroot.

################################################################################
# Logging Configuration
#
logging {
    #
    # Define channels for the two log files
    #
    channel query_log {
        severity info;
        print-time yes;
        file "/var/log/query.log" versions 3 size 100M;
    };
    channel activity_log {
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
        file "/var/log/activity.log" versions 3 size 100M;

Below is the security context of the files in the chroot.

[root@josh log]# ls -alZ /var/named/chroot/var/log/activity.log
-rw-r--r-- named named root:object_r:named_conf_t /var/named/chroot/var/log/activity.log
[root@josh log]# ls -alZ /var/named/chroot/var/log/query.log
-rw-r--r-- named named root:object_r:named_conf_t /var/named/chroot/var/log/query.log

I temporarily disabled SELinux, but there was one simple step I missed (forgot since I did this years ago). I briefly recall creating a symlink and/or using chcon or one of the SELinux commands.
Thanks, Josh