UNIX System Administration Handbook - Evi Nemeth [282]

zone or the child zone could be at fault; it’s impossible to tell without investigating.

c. Must be a single file channel

See the BIND 8 source file include/dns/confcommon.h for a definitive list. The file log.h in that same directory has a list of module names. For BIND 9, the relevant files are lib/dns/include/dns/log.h and bin/named/include/named/log.h.

The default logging configuration for BIND 8 is

logging {
    category default { default_syslog; default_debug; };
    category panic { default_syslog; default_stderr; };
    category eventlib { default_debug; };
    category packet { default_debug; };
};

and for BIND 9 it is

logging {
    category default { default_syslog; default_debug; };
};

You should watch the log files when you make major changes to BIND, and perhaps increase the logging level. Then, reconfigure to preserve only serious messages once named is stable. Some common log messages are listed below:

• Lame server. If you get this message about one of your own zones, you have configured something incorrectly. The message is relatively harmless if it’s about some zone out on the Internet; it’s someone else’s problem.

• Bad referral. This message indicates a miscommunication among a zone’s name servers.

• Not authoritative for. A slave server is unable to get authoritative data for a zone. Perhaps it’s pointing to the wrong master, or perhaps the master had trouble loading the zone in question.

• Rejected zone. named rejected a zone file because it contained errors.

• No NS RRs found. A zone file did not have NS records after the SOA record. It could be that the records are missing, or it could be they don’t start with a tab or other whitespace. In the latter case, the records are not attached to the zone of the SOA record and are therefore misinterpreted.

• No default TTL set. The preferred way to set the default TTL is with a $TTL clause at the top of the zone file. This error message indicates that the $TTL is missing. In BIND 8 it defaults to the value of the minimum parameter from the SOA record.

In BIND 9, the $TTL is required; named refuses to load zone files that do not specify a $TTL.

• No root name server for class. Your server is having trouble finding the root name servers. Check your hints file and the server’s Internet connectivity.

• Address already in use. The port on which named wants to run is already being used by another process, probably another copy of named. If you don’t see another named around, it might have crashed and left an ndc control socket open that you’ll have to track down and remove.

You can find a nice table of BIND error messages at http://www.acmebw.com/askmrdns/bind-messages.htm.
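The triage described in the list above can be scripted. The following is an added example, not code from the book or from BIND: it matches the listed message phrases and marks a lame-server line as needing action only when the zone is one of your own. The names triage and in_own_zone, the sample lines, and the (in 'zone'?) log format are assumptions.

```python
import re

# Phrases and advice come from the list above; matching is case-insensitive.
ADVICE = {
    "lame server": "bad delegation; your misconfiguration if the zone is yours",
    "bad referral": "miscommunication among a zone's name servers",
    "not authoritative for": "slave lacks authoritative data; check its master",
    "rejected zone": "zone file contained errors",
    "no ns rrs found": "NS records missing or not indented after the SOA",
    "no default ttl set": "add a $TTL clause at the top of the zone file",
    "no root name server for class": "check the hints file and connectivity",
    "address already in use": "another named or a stale control socket",
}
# Assumption: lame-server lines name the zone as (in 'zone'?).
LAME_ZONE = re.compile(r"\(in '([^']*)'\?\)")

def in_own_zone(zone, own_zones):
    """True if zone equals, or is a subdomain of, one of own_zones."""
    z = zone.lower().rstrip(".")
    owned = [o.lower().rstrip(".") for o in own_zones]
    return any(z == o or z.endswith("." + o) for o in owned)

def triage(lines, own_zones):
    """Return (phrase, needs_action, line) for each recognised message."""
    findings = []
    for line in lines:
        low = line.lower()
        phrase = next((p for p in ADVICE if p in low), None)
        if phrase is None:
            continue
        needs_action = True
        if phrase == "lame server":
            m = LAME_ZONE.search(line)
            # No zone found: keep the line flagged rather than hide it.
            needs_action = m is None or in_own_zone(m.group(1), own_zones)
        findings.append((phrase, needs_action, line))
    return findings

# Constructed sample lines, not captured from a real server.
SAMPLE = [
    "named[412]: Lame server on 'www.example.com' (in 'example.com'?): [192.0.2.53].53 'ns2.example.com'",
    "named[412]: Lame server on 'ftp.example.net' (in 'example.net'?): [198.51.100.7].53 'ns.example.net'",
    'named[412]: Zone "example.com" (file db.example): No default TTL set using SOA minimum instead',
    "named[412]: starting",
]

if __name__ == "__main__":
    for phrase, needs_action, line in triage(SAMPLE, ["example.com"]):
        print("ACTION" if needs_action else "info", phrase + ":", ADVICE[phrase])
```

Run against the syslog file that receives named's messages, with own_zones set to the zones your server is authoritative for.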

Debug levels

named debug levels are indicated by integers from 0 to 11. The higher the number, the more verbose the output. Level 0 turns debugging off. Levels 1 and 2 are fine for debugging your configuration and database. Levels beyond about 4 are appropriate for the maintainers of the code.

You invoke debugging on the named command line with the -d flag. For example,

# named -d2

would start named at debug level 2. By default, debugging information is written to the file named.run, the location of which is OS dependent. See the tables in the vendor specifics section starting on page 481 for the exact locations. The named.run file grows very fast, so don’t go out for a beer while debugging or you will have bigger problems when you return.

You can also turn on debugging while named is running with ndc trace, which increments the debug level by 1. ndc notrace turns debugging off completely. You can also enable debugging by defining a logging channel that includes a severity specification such as

severity debug 3;

which sends all debugging messages up to level 3 to that particular channel. Other lines in the channel definition specify the destination of those debugging messages. The higher the severity level, the more information is logged.

Watching the logs or the debugging output illustrates how often DNS data is misconfigured. That pesky
