Set up BIND logging easily


Wow, this was so annoying to solve, yet simple. I can’t believe how many search results brought up overly complicated and incomplete answers that didn’t work. People added 10 or more log file types, and some required launching BIND with a startup argument. What???!!!! Come on! I just want to output a log of client requests! Why is this so hard?!!!!!

I finally found a solution that was super easy. There are still more lines of config here than I think there should be, but it’s much less than all the answers I ran into while searching.

My system is Fedora 30 (I think?), so you may need to adjust for your distro. I’ll be moving to Debian Buster soon and will test on that, so I’ll post changes as needed.

First, add this to your BIND config, /etc/named.conf:

logging {
	channel log_config {
		file "/var/log/named/named.log" versions 3 size 5m;
		severity info;
		print-category yes;
		print-severity yes;
		print-time yes;
	};
	category default { log_config; };
	category update { log_config; };
	category update-security { log_config; };
	category security { log_config; };
	category queries { log_config; };
	category lame-servers { null; };
};

Next, make sure you create the log destination folder and set permissions:

mkdir /var/log/named
chown named:named /var/log/named
systemctl restart named

OK!! You should be all set. Now tail -f /var/log/named/named.log and you’ll see log output of client queries.

You’ll probably want to add a logrotate config too, but it does have a size of 5m, so maybe that’s all we need.
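
Once queries are landing in /var/log/named/named.log, a short parser turns them into per-client counts. This is an added example, not part of the original post: it assumes the line layout BIND 9 writes for the queries category with print-time, print-category and print-severity on (the layout can differ between BIND versions), the sample lines are constructed, and the function names are made up for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches a "queries" line written with print-time, print-category and
# print-severity enabled. The "@0x..." client pointer is optional because
# older BIND 9 releases do not print it. Layout is an assumption; see lead-in.
QUERY_RE = re.compile(
    r"^(?P<time>\S+ \S+) queries: (?P<severity>\w+): "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>\S+)#(?P<port>\d+) "
    r"\((?P<orig>[^)]*)\): (?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_query_line(line):
    """Return a dict of fields for a query line, or None for anything else."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count queries per client and per (client, qtype); count skipped lines."""
    per_client = Counter()
    per_type = defaultdict(Counter)
    skipped = 0
    for line in lines:
        rec = parse_query_line(line)
        if rec is None:
            skipped += 1  # other categories (security, general, ...) end up here
            continue
        per_client[rec["client"]] += 1
        per_type[rec["client"]][rec["qtype"]] += 1
    return per_client, per_type, skipped

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = """\
15-Jul-2019 10:23:45.123 queries: info: client @0x7f3c4c0a1b20 192.0.2.10#53124 (example.com): query: example.com IN A +E(0)K (192.0.2.1)
15-Jul-2019 10:23:46.001 queries: info: client @0x7f3c4c0a1b20 192.0.2.10#40211 (example.com): query: example.com IN AAAA +E(0)K (192.0.2.1)
15-Jul-2019 10:23:47.480 queries: info: client 2001:db8::5#51515 (example.org): query: example.org IN MX + (2001:db8::1)
15-Jul-2019 10:23:48.002 security: info: client @0x7f3c4c0a1c30 198.51.100.7#33333 (example.net): query (cache) 'example.net/A/IN' denied
15-Jul-2019 10:23:49.900 general: info: zone example.com/IN: loaded serial 2019071501
""".splitlines()

if __name__ == "__main__":
    clients, types, skipped = summarize(SAMPLE)
    for client, n in clients.most_common():
        print(client, n, dict(types[client]))
    print("non-query lines skipped:", skipped)
```

To run it against the real file, pass `open("/var/log/named/named.log")` to `summarize()` instead of `SAMPLE`.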