Online Book Reader


UNIX System Administration Handbook - Evi Nemeth [281]

make matters worse, when their update requests were refused, the Win2K boxes opened a TCP connection to request a KEY record and attempt an authenticated dynamic update. A root server does not have time for the zillions of TCP connection requests that resulted. This situation is still being sorted out as we go to press, with root server operators pointing fingers at Microsoft and Microsoft saying “No, no, not us!”

16.14 TESTING AND DEBUGGING

named provides several built-in debugging aids, foremost among which is its voluptuously configurable logging. You can specify debug levels on the command line or set them with ndc. You can also instruct named to dump its operating statistics to a file and verify name lookups with dig or nslookup.

Logging

named’s logging facilities are flexible enough to make your hair stand on end. BIND 4 used syslog to report error messages and anomalies. BIND 8 generalizes the concepts of syslog by adding another layer of indirection and support for logging directly to files. Before we dive in, let’s take a look at the mini-glossary of BIND logging terms shown in Table 16.12.

Table 16.12 A BIND logging lexicon

See Chapter 11 for more information about syslog.

You configure BIND logging with a logging statement in named.conf. You first define channels, the possible destinations for messages. You then tell various categories of message to go to particular channels.

When a message is generated, it is assigned a category, a module (in BIND 9), and a severity at its point of origin. It is then distributed to all the channels associated with its category and module. Each channel has a severity filter that tells what severity level a message must have in order to get through. Channels that lead to syslog are also filtered according to the rules in /etc/syslog.conf.

Here’s the outline of a logging statement:

    logging {
        channel_def;
        channel_def;
        ...
        category category_name {
            channel_name;
            channel_name;
            ...
        };
    };

A channel_def looks slightly different depending upon whether the channel is a file channel or a syslog channel. You must choose file or syslog for each channel; a channel can’t be both at the same time.

    channel channel_name {
        file path [versions numvers | unlimited] [size sizespec];
        syslog facility;
        severity severity;
        print-category yes | no;
        print-severity yes | no;
        print-time yes | no;
    };

For a file, numvers tells how many backup versions of a file to keep, and sizespec specifies how large the file should be allowed to grow (examples: 2048, 100k, 20m, 15g, unlimited, default).

In the syslog case, facility specifies what facility name is used to log the message. It can be any standard facility. In practice, only daemon and local0 through local7 are reasonable choices.

See page 212 for a list of syslog facility names.

The rest of the statements in a channel_def are optional. severity can have the values (in descending order) critical, error, warning, notice, info, or debug (with an optional numeric level, e.g., severity debug 3). The value dynamic is also recognized and matches the server’s current debug level.

The various print options add or suppress message prefixes. Syslog prepends the time and reporting host to each message logged, but not the severity or the category. In BIND 9, the source filename (module) that generated the message is also available as a print option. It makes sense to enable print-time only for file channels; syslog records the time on its own.
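A concrete logging statement that fills in the outline above, added here as an illustration and not taken from the book. It routes one category to a file channel and a syslog channel with different severity filters. The channel names, the log path, and the local3 facility are assumptions; security is a BIND message category.

```conf
// Constructed example; channel names, the log path, and local3 are assumptions.
logging {
    // File channel: keep 5 backup versions and let the file grow to 20 MB.
    // print-time is on because nothing else timestamps a file channel.
    channel security_file {
        file "/var/log/named/security.log" versions 5 size 20m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    // Syslog channel: only warning and above get through this filter.
    // syslog supplies the time and host, so print-time is left off, but it
    // does not record severity or category, so those prefixes are enabled.
    channel security_syslog {
        syslog local3;
        severity warning;
        print-category yes;
        print-severity yes;
    };

    // Every security-category message is offered to both channels; each
    // channel then applies its own severity filter.
    category security {
        security_file;
        security_syslog;
    };
};
```

Messages that pass the security_syslog filter still have to match a local3 rule in /etc/syslog.conf before they are recorded anywhere.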

The four channels listed in Table 16.13 are predefined by default. The default channels should be fine for most installations.

Table 16.13 Predefined logging channels in BIND

Table 16.14 on the next page shows the current list of message categories for BIND 8 and 9. BIND 9’s categories are not yet fully defined. When the Vers column shows “8/9?”, the category exists in BIND 8 but not yet in BIND 9.

Table 16.14 BIND logging categories

a. The default category is also the catchall category for unclassified messages in BIND 8.

b. Either the parent
