Bind9 Logs On Debian & Ubuntu

If you have installed the BIND DNS server on Debian or Ubuntu, you have probably noticed that all of its output goes to /var/log/syslog. We like to keep a separate log for each daemon, so to make that change we need to add some configuration to bind9. First, add the line below to /etc/bind/named.conf:

include "/etc/bind/named.conf.log";

Next, create the file /etc/bind/named.conf.log with the following content:

Next open up PuTTY or log onto the terminal and run the following commands:

Last but certainly not least, in order to keep our log file from growing uncontrollably, we will need to logrotate our bind.log file using the method from my previous article How To Logrotate Custom Logs. So, create the file /etc/logrotate.d/bind with the following content.

Finally, to verify that your logrotate script is correct, run the following command.
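
An added example (not the article's own files) of the whole procedure: it stages a logging config, a logrotate rule and the AppArmor override mentioned in the comments under a scratch directory, so they can be reviewed before being installed. The log path /var/log/bind/bind.log, the channel name bind_log, the rotation policy and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not the article's files): stage the logging, logrotate and
# AppArmor snippets under a scratch root so they can be reviewed before install.
# Assumed: log path /var/log/bind/bind.log, channel name bind_log, rotation policy.

stage_bind_logging() {
    root=$1
    mkdir -p "$root/etc/bind" "$root/etc/logrotate.d" "$root/etc/apparmor.d/local"

    # Pulled in by: include "/etc/bind/named.conf.log"; in named.conf
    cat > "$root/etc/bind/named.conf.log" <<'EOF'
logging {
    channel bind_log {
        file "/var/log/bind/bind.log";   // no versions/size here: logrotate owns rotation
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { bind_log; };
};
EOF

    # named keeps the file open, so ask it to reopen after each rotation.
    cat > "$root/etc/logrotate.d/bind" <<'EOF'
/var/log/bind/bind.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 0640 bind bind
    postrotate
        /usr/sbin/rndc reload > /dev/null 2>&1 || true
    endscript
}
EOF

    # Needed where the named AppArmor profile is enforced (see the denial in the comments).
    echo '/var/log/bind/bind.log rw,' > "$root/etc/apparmor.d/local/usr.sbin.named"
}

# Run as: sh this-script stage [dir]; then, as root, copy the files into / and:
#   install -d -o bind -g bind -m 0750 /var/log/bind
#   apparmor_parser -r /etc/apparmor.d/usr.sbin.named
#   named-checkconf && service bind9 restart
#   logrotate -d /etc/logrotate.d/bind     # dry run, changes nothing
if [ "${1:-}" = "stage" ]; then stage_bind_logging "${2:-./bind-logging-staged}"; fi
```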


8 thoughts on “Bind9 Logs On Debian & Ubuntu”

  1. In this text section:
    “Last but certainly not least, in order to keep our log file from growing uncontrollably, we will need to logrotate our bind.log file using the method from my previous article How To Logrotate Custom Logs. So, create the file /etc/logrorate.d/bind with the following content.”
    there is an error

    /etc/logrorate.d/bind is /etc/logrotate.d/bind

    It’s a little slip
    Regards

  2. Weird. bind:bind owns the folder. var and log are executable, so bind should be able to see down through the folders to its owned bind folder…

    ubuntu@dns-server:~$ ls -al /var/log/bind
    total 8
    drwxrwxr-x 2 bind bind 4096 Jan 14 14:31 .
    drwxrwxr-x 9 root syslog 4096 Jan 14 14:25 ..
    -rw-rw-r-- 1 bind bind 0 Jan 14 14:31 bind.log

    However, when I restart bind9 I still get this error:

    Jan 14 14:31:36 dns-server named[12436]: isc_stdio_open '/var/log/bind/bind.log' failed: permission denied
    Jan 14 14:31:36 dns-server named[12436]: configuring logging: permission denied
    Jan 14 14:31:36 dns-server named[12436]: loading configuration: permission denied
    Jan 14 14:31:36 dns-server named[12436]: exiting (due to fatal error)
    Jan 14 14:31:36 dns-server kernel: [41383.169275] type=1400 audit(1421245896.727:21): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/log/bind/bind.log" pid=12437 comm="named" requested_mask="c" denied_mask="c" fsuid=106 ouid=106

      1. Yes, apparmor is the issue.

        Try:-
        —————–
        # Site-specific additions and overrides for usr.sbin.named.
        # For more details, please see /etc/apparmor.d/local/README.
        # Below added to allow logging
        /var/log/bind9/query.log rw,
        /var/log/bind9/bind.log rw,
        /var/log/bind9/debug.log rw,
        /var/cache/bind/named.stats rw,
        —————
        In :
        /etc/apparmor.d/local/usr.sbin.named

        Changing the paths/filenames to suit your config.
