I've been trying to get BIND server query logging working, creating 3 versions, max 100 MB each. The system is SUSE SLES 11. I have found numerous how-to articles on the web, but none of them do anything other than break the DNS server. The machine is a VirtualBox guest, so I can keep going back to an unmodified snapshot of a working BIND server that doesn't do any query logging.
If I manually add the logging statements into named.conf, named will no longer load. messages shows "isc_stdio_open 'whatever i told it' failed: file not found." chown named.named logfile doesn't help or change the behavior in any way. If I do anything with the AppArmor profile file directly, including just saving it without changing it, AppArmor will never load that profile again. It will say there is already a profile.
Restore snapshot -> now back to having made no changes
Use the GUI tools to configure logging for the DNS server. named will not start because it still doesn't have rights or cannot find the log file. chown named.named logfile doesn't help. Use the GUI tools to configure AppArmor. This at least doesn't kill the AppArmor profile, but doesn't help the situation in any way regardless.
I have tried this on 2 different VMs, both SLES 11; both are just basic take-all-the-defaults installs and not in production yet.
I have tried several different combinations of using the GUI tools and manually modifying the config files. I have tried different locations for the log file, such as /var/log/querylog, /var/log/querylogs/querylog, /root/queries. I have tried using touch to create the log file, then chown it to named.named. I've tried using the GUI to create the files/directories and then setting permissions.
Does anyone know how to get DNS Query logs, in a rotation of 3 files on a SLES 11 BIND server working? It doesn't seem like it should be anywhere near this much of a hassle.
Edit
Currently the logging section of named.conf looks like:
logging {
    channel log_file {
        file "/var/log/query_log.log" versions 3 size 100M;
    };
    category default { log_file; };
};
What gets reported in /var/log/messages is:
the working directory is not writable.
isc_stdio_open '/var/log/named/query_log.log' failed: file not found
configuring logging: file not found
exiting (due to fatal error)
So it looks like there is some kind of permissions issue. I have created that directory and put a blank file in it named query_log.log. I made named the owner and granted everyone read, write and execute on /var/log/named and gave everyone read/write on /var/log/named/query_log.log
ls -l of /var/log/named
-rwxrwxrwx l named named 0 Apr 26 08:43 query_log.log
ls -l of /var/log
//various files and directories
drwxr-xr-x 2 named named 4093 Apr 26 09:26 named
Edit 2
To start the BIND server I use rcnamed start. If I remove the logging section so that I can get named started, running ps aux | grep named shows that /usr/sbin/named is running as the user named.
Thank you for your help so far. What do I have to do to get this working?