dnssec-nodes visualizes DNS queries, which is useful for debugging.
This tool can monitor a BIND debug log and visualize the DNS flow from that file in real time.
[root@fc17 ~]# uname -ri
3.5.2-3.fc17.x86_64 x86_64
[root@fc17 ~]# cat /etc/fedora-release
Fedora release 17 (Beefy Miracle)
install dnssec-nodes
[root@fc17 ~]# yum install -y dnssec-nodes
[root@fc17 ~]# rpm -ql dnssec-nodes
/usr/bin/dnssec-nodes
/usr/share/applications/dnssec-nodes.desktop
/usr/share/doc/dnssec-nodes-1.12
/usr/share/doc/dnssec-nodes-1.12/COPYING
/usr/share/icons/hicolor/scalable/apps/dnssec-nodes.svg
/usr/share/man/man1/dnssec-nodes.1.gz
launch dnssec-nodes
[root@fc17 ~]# dnssec-nodes
The following is the output of resolving “unbound.net”.
dnssec-nodes can watch a BIND debug log and visualize the DNS flow from that file in real time.
[ monitor a BIND debug log and visualize DNS flow in real time ]
- BIND
[root@fc17 ~]# named -v
BIND 9.9.1-P2-RedHat-9.9.1-5.P2.fc17
enable debug logging by adding the channel that writes to /var/named/data/debug.log.
[root@fc17 ~]# cat /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel default_debug {
        file "/var/named/data/debug.log" versions 2 size 100m;
        severity debug 9;
        print-category yes;
        print-severity yes;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
key "rndc-key" {
    algorithm hmac-md5;
    secret "zzz";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
[root@fc17 ~]#
reload configuration.
[root@fc17 ~]# rndc reload
server reload successful
here’s my resolv.conf
[root@fc17 ~]# cat /etc/resolv.conf
nameserver 127.0.0.1
[root@fc17 ~]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Active: active (running) since Sat, 25 Aug 2012 02:14:08 +0900; 12min ago
Main PID: 3872 (named)
CGroup: name=systemd:/system/named.service
└ 3872 /usr/sbin/named -u named
Aug 25 02:23:28 fc17.localdomain named[3872]: loading configuration from '/etc/named.conf'
Aug 25 02:23:28 fc17.localdomain named[3872]: reading built-in trusted keys from file '/et...y'
Aug 25 02:23:28 fc17.localdomain named[3872]: using default UDP/IPv4 port range: [1024, 65535]
Aug 25 02:23:28 fc17.localdomain named[3872]: using default UDP/IPv6 port range: [1024, 65535]
Aug 25 02:23:28 fc17.localdomain named[3872]: sizing zone task pool based on 6 zones
Aug 25 02:23:28 fc17.localdomain named[3872]: using built-in DLV key for view _default
Aug 25 02:23:28 fc17.localdomain named[3872]: reloading configuration succeeded
Aug 25 02:23:28 fc17.localdomain named[3872]: reloading zones succeeded
Aug 25 02:23:28 fc17.localdomain named[3872]: all zones loaded
Aug 25 02:23:28 fc17.localdomain named[3872]: running
In the dnssec-nodes GUI, select file -> Open and Watch a log file, then select a BIND debug log.
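A level 9 debug channel records resolver activity in detail, so it is worth checking the logging block before leaving it enabled. The script below is an added example, not part of the original post or of dnssec-nodes: it parses the logging block from the named.conf shown above and reports channel names defined more than once and debug-severity file channels with no size cap. The function names are hypothetical, and it assumes channel bodies contain no nested braces or comments.

```python
import re
from collections import Counter

# The logging block from the named.conf on this page (whitespace condensed).
NAMED_CONF_LOGGING = '''
logging {
    channel default_debug { file "data/named.run"; severity dynamic; };
    channel default_debug {
        file "/var/named/data/debug.log" versions 2 size 100m;
        severity debug 9; print-category yes; print-severity yes;
    };
};
'''

CHANNEL_RE = re.compile(r'channel\s+"?([\w-]+)"?\s*\{(.*?)\}\s*;', re.S)
FILE_RE = re.compile(r'file\s+"([^"]+)"([^;]*);')
SEVERITY_RE = re.compile(r'severity\s+([^;]+);')

def parse_channels(conf_text):
    """Return one dict per channel block: name, file, file options, severity."""
    channels = []
    for name, body in CHANNEL_RE.findall(conf_text):
        file_m = FILE_RE.search(body)
        sev_m = SEVERITY_RE.search(body)
        channels.append({
            "name": name,
            "file": file_m.group(1) if file_m else None,
            "file_opts": file_m.group(2).split() if file_m else [],
            "severity": sev_m.group(1).strip() if sev_m else None,
        })
    return channels

def audit(channels):
    """Return human-readable findings for the parsed channels."""
    findings = []
    for name, n in Counter(c["name"] for c in channels).items():
        if n > 1:
            findings.append(f"channel {name!r} is defined {n} times")
    for c in channels:
        is_debug = (c["severity"] or "").startswith("debug")
        if is_debug and c["file"] and "size" not in c["file_opts"]:
            findings.append(f"{c['file']}: severity {c['severity']} with no size limit")
    return findings

if __name__ == "__main__":
    for c in parse_channels(NAMED_CONF_LOGGING):
        print(c["name"], c["file"], c["severity"], " ".join(c["file_opts"]))
    for finding in audit(parse_channels(NAMED_CONF_LOGGING)):
        print("FINDING:", finding)
```

On the configuration from this page the only finding is the repeated channel name; the debug.log channel passes the size check because of `versions 2 size 100m`.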