Log rotation for rsyslog using fixed size

Posted on July 31, 2023 by admin

We’ll follow the documentation from here.

Changes are made to the /etc/rsyslog.conf config file.

For this example, we will be configuring our named.log file to not exceed 50MiB, and then we’ll have a rotated log “.1” that is also 50MiB. Total it should not exceed 100BMiB.

First we need to create an out channel, and then we assign the out channel to a logging channel. We also need a script that rotates the logs.

Create the Output Channel

$outchannel log_rotation,/var/log/named.log, 52428800,/home/user/log_rotation.sh

Assign Output Channel to Logging Channel

On our line that is logging named, at the end add :$log_rotation

Example:

local0.*                   /var/log/named.log:$log_rotation

Script to Rotate Log

Somewhere on the system, create a rotate.sh script. Name it whatever you want, just be sure the path and name in the rsyslog.conf is the same.

Add the following one line to move the current log to a rotate log.

mv -f /var/log/named.log /var/log/named.log.1

As the log fills up and hits ~50MiB, the named.sh script will run which rotates(moves) the log file to logfile.log.1. This will keep our usage for named.log to 100MiB.

Named Error “option ‘dnssec-enable’ no longer exists”

Posted on December 12, 2022 by admin

After a recent update, the named service stopped working. When manually trying to restart the service it would just fail.

Running the named-checkconf command

sudo /usr/bin/named-checkconf -z /etc/named.conf

Returned the following error.

/etc/named.conf:37: option 'dnssec-enable' no longer exists

Looks like what happened is they removed the dnssec-option, but enabled it by default

The dnssec-enable option has been obsoleted and no longer has any effect. DNSSEC responses are always enabled if signatures and other DNSSEC data are present. [GL #866]

https://bind9.readthedocs.io/en/v9_16/notes.html#id118

So the option is invalid now and not needed.

To fix the issue, simply open up the /etc/named.conf file and delete the line that has ‘dnssec-enable’

Named Debugging Levels

Posted on May 22, 2020 by admin

In the following command, x should be the debug level number

named -g -d x

Example,

named -g -d 3

Following info taken from here.
https://docstore.mik.ua/orelly/networking/dnsbind/ch12_01.htm

12.1.1 What Information Is at Each Level?

Here is a list of the information that each debugging level will give. The debugging information is cumulative; for example, level 2 includes all level 1’s debugging information. The data are divided into the following basic areas: starting up, updating the database, processing queries, and maintaining zones. We won’t cover updating the name server’s internal database – problems always occur elsewhere. However, what the name server adds or deletes from its internal database can be a problem, as you’ll see in Chapter 13, Troubleshooting DNS and BIND .

Level 1

The information at this level is necessarily brief. Name servers can process lots of queries, which can create lots of debugging output. Since the output is condensed, you can collect data over long periods. Use this debugging level for basic startup information and for watching query transactions. You’ll see some errors logged at this level, including syntax errors and DNS packet formatting errors. This level will also show referrals.

Level 2

Level 2 provides lots of useful stuff: it lists the IP addresses of remote name servers that are used during a lookup, along with their round trip time values; it calls out bad responses; and it tags a response as to which type of query it is answering, a SYSTEM (sysquery) or a USER query. When you are tracking down a problem with a secondary server loading a zone, this level shows you the zone values – serial number, refresh time, retry time, expire time, and time left – as the secondary checks if it is up-to-date with its master.

Level 3

Level 3 debugging becomes much more verbose because it generates lots of messages about updating the name server database. Make sure you have enough disk space if you are going to collect debugging output at level 3 or above. At level 3, you’ll also see: duplicate queries called out, system queries generated (sysquery), the names of the remote name servers used during a lookup, and the number of addresses found for each server.

Level 4

Use level 4 debugging when you want to see the query and response packets received by the name server. This level also shows the credibility level for cached data.

Level 5

There are a variety of messages at level 5, but none of them are particularly useful for general debugging. This level includes some error messages, for example, when a malloc() fails, and a message when the name server gives up on a query.

Level 6

Level 6 shows you the response sent to the original query.

Level 7

Level 7 shows you a few configuration and parsing messages.

Level 8

There is no significant debugging information at this level.

Level 9

There is no significant debugging information at this level.

Level 10

Use level 10 debugging when you want to see the query and response packets sent by the name server. The format of these packets is the same format used in level 4. You wouldn’t use this level very often, since you can see the name server response packet with nslookup .

Level 11

There are only a couple of debugging messages at this level, and they are in seldom-traversed code.

Modifying DNS Entry for Domain

Posted on March 16, 2018 by admin

Search /etc/named.conf to find the zone file for the domain.

Find the domain name and see where the zone file is. Example zone block.

zone "incredigeek.com" in {
 type master;
 file "/var/named/mzones/incredigeek.com.hosts";
 allow-query { any; };
 forwarders {};
};

The file is /var/named/mzones/incredigeek.com.hosts

Edit your zone file by opening it up in a text editor.

Example. Text in bold added for comments.

$TTL 21600
$ORIGIN com.
incredigeek IN SOA dns1.dns-server.com. dns2.dns-server.com.(
 0000147 ; serial  <- This needs to be incremented so it is greater than the previous version of this file
 43200 ; refresh (12 hours)
 7200 ; retry (2 hours)
 604800 ; expire (7 days)
 21600 ) ; minimum
 NS dns1.dns-server.com.
 NS dns2.dns-server.com.
 300 A 10.0.0.11   <- A record for root domain
$ORIGIN incredigeek.com.
localhost IN A 127.0.0.1
www 300 IN A 10.0.0.11  <- www subdomain A record
login 300 IN A 10.0.0.12 <- another subdomain A record

Save file and reload Bind

On FreeBSD

rndc reload incredigeek.com

you can reload everything with

rndc reload

On Fedora/CentOS/REHL

service named reload

On Ubuntu/Debian

service bind9 restart

You may need to reload Bind on any slave servers

Incredigeek

Tag Archives: named