# bind logging



## ItaRi (May 27, 2009)

Good afternoon. Please advise, I cannot set up logging. The config contains:

```
logging {
    channel log_file { file "/var/log/named.log" size 10M;
    severity  debug 3 ; };
    category queries { log_file; };
    category xfer-in { log_file; };
    category xfer-out { log_file; };
    category default { log_file; };
};
```

But there are still no logs. What have I done wrong?
PS: sorry for my English )


----------



## SirDice (May 27, 2009)

Make sure the named user is able to write to that log file.


----------



## ItaRi (May 27, 2009)

SirDice said:

> Make sure the named user is able to write to that log file.



The file was absent; I have created it and granted the rights:

```
shape# ls -l named.log
-rw-r--r--  1 bind  bind  0 May 27 15:06 named.log
```


----------



## DutchDaemon (May 27, 2009)

And after that you restarted BIND and the result was .... ?


----------



## DutchDaemon (May 27, 2009)

BTW, you should use a 'versions' parameter as well:

http://www.zytrax.com/books/dns/ch7/logging.html



> If you specify a size value and NO versions parameter when the size limit is reached BIND will stop logging until the file size is reduced to below the threshold defined i.e. by deleting or truncating the file.


----------



## vivek (May 27, 2009)

No need to create a log file by hand. Just delete that file. 
Replace:

```
channel log_file { file "/var/log/named.log" size 10M;
```
With:

```
channel log_file { file "/var/log/named.log" versions 3 size 10M;
```


----------



## DutchDaemon (May 27, 2009)

User bind has no permission to create a file in /var/log, so it should be created and set to bind:bind, or /var/log/ should be chgrp'ed (which you generally don't want). Another option is to simply have BIND log to syslog (local.*) and have syslogd and newsyslog deal with creating/rotating logfiles.


----------



## vivek (May 27, 2009)

Actually, if you chroot bind9, the FreeBSD rc script will create the /var/log directory with bind:bind permission.

```
cat /etc/mtree/BIND.chroot.dist
grep -A 6 chroot_autoupdate /etc/rc.d/named
```

OP: you must run chrooted bind, there is no need to run it on live fs and get rooted, see security thread for more info about chrooting - http://forums.freebsd.org/showthread.php?t=4108


----------



## ItaRi (May 28, 2009)

Sorry for the trouble, I have tracked down the file in the directory /var/named/log/named.log
But all the same, many thanks to all for the information given
It is necessary to be more attentive))


----------



## DutchDaemon (May 28, 2009)

Surely, that would be /var/named/var/log/named.log?

(not calling you Shirley).


----------



## ItaRi (May 28, 2009)

DutchDaemon said:

> Surely, that would be /var/named/var/log/named.log?



Yes yes ))


----------
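
Added example, not part of the original thread or any poster's own code: a Python check for the three points raised above (a `size` limit without `versions`, the effective log path once named is chrooted, and whether the named user can write or create the file). The helper names `audit_channels` and `writable_by` are hypothetical; the sketch assumes simple `channel NAME { file "PATH" ...; }` blocks with absolute paths and checks only Unix mode bits (no ACLs).

```python
import os
import re

# Constructed sample: the logging block as posted at the top of the thread.
SAMPLE_CONF = '''
logging {
    channel log_file { file "/var/log/named.log" size 10M;
    severity  debug 3 ; };
    category default { log_file; };
};
'''

# Handles simple channels of the form: channel NAME { file "PATH" [options]; ...
CHANNEL_RE = re.compile(r'channel\s+(\S+)\s*\{\s*file\s+"([^"]+)"([^;]*);')

def audit_channels(conf_text, chroot=""):
    """Return one finding per file channel: effective path plus warnings."""
    findings = []
    for name, path, opts in CHANNEL_RE.findall(conf_text):
        warnings = []
        if re.search(r"\bsize\b", opts) and not re.search(r"\bversions\b", opts):
            warnings.append("size without versions: logging stops at the limit")
        # A chrooted named opens the path relative to its chroot directory.
        effective = os.path.join(chroot, path.lstrip("/")) if chroot else path
        findings.append({"channel": name, "path": effective, "warnings": warnings})
    return findings

def writable_by(path, uid, gids):
    """Mode-bit check: can uid/gids write the file, or create it if absent?"""
    exists = os.path.exists(path)
    target = path if exists else (os.path.dirname(path) or ".")
    try:
        st = os.stat(target)
    except OSError:
        return False
    if uid == 0:
        return True
    need = 0o2 if exists else 0o3  # file: write; directory: write + search
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need

if __name__ == "__main__":
    for f in audit_channels(SAMPLE_CONF, chroot="/var/named"):
        print(f["channel"], f["path"], f["warnings"])
```

To check against the real account, pass `pwd.getpwnam("bind").pw_uid` and that user's group ids to `writable_by` together with the path reported by `audit_channels`.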

