Bindgraph is a tool that lets us see the number of DNS queries graphically, using the queries resolved by our DNS server as recorded in a log file. For this, we have to configure logging for our DNS service (in my scenario I'll use bind9) and configure bindgraph with the correct log file. From these queries bindgraph creates an RRD database, which it then uses to create the graphs.

Install bindgraph

# apt-get install bindgraph

Enabling logging in bind9

1.- Add a config file where we'll include the logging configuration:

# vi /etc/bind/named.conf
include "/etc/bind/named.conf.log";

2.- Add the logging definition:

# vi /etc/bind/named.conf.log
logging {
    channel simple_log {
        file "/var/log/named/bind.log" versions 3 size 5m;
        severity warning;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        simple_log;
    };
    channel query_log {
        file "/var/log/named/bind-queries.log";
        print-category yes;
        print-time yes;
    };
    category queries {
        query_log;
    };
};

This log configuration creates a new channel that sends its log output to the file given in the channel definition, and associates this channel with the predefined category named queries, which is included with the bind software.

3.- Create the named directory for logging and set the correct permissions:

# mkdir /var/log/named
# chown bind:bind /var/log/named/

4.- Restart bind9 service:

# service bind9 restart
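
To confirm that the query log contains countable query lines before pointing bindgraph at it, the following added example (not part of the original post and not bindgraph's own code) tallies query types per minute and queries per client. The log line layout and the sample lines are assumptions constructed to match the query_log channel above; parse_line and tally are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape the query_log channel above writes
# (print-time and print-category on). Assumption: newer BIND 9 releases add
# "@0x..." and "(name)" after "client"; the regex treats both as optional.
# The last line is a constructed non-query line to exercise the skip path.
SAMPLE_LOG = """\
05-Nov-2012 04:29:01.120 queries: client 192.168.1.10#53412: query: www.example.com IN A + (192.168.1.1)
05-Nov-2012 04:29:01.450 queries: client 192.168.1.10#53413: query: www.example.com IN AAAA + (192.168.1.1)
05-Nov-2012 04:29:40.002 queries: client 192.168.1.23#40110 (mail.example.com): query: mail.example.com IN MX +E (192.168.1.1)
05-Nov-2012 04:30:05.700 queries: client @0x7f3c2c0a1b10 192.168.1.23#40111 (example.com): query: example.com IN A +E(0)K (192.168.1.1)
05-Nov-2012 04:30:06.000 general: zone example.com/IN: loaded serial 2012110501
"""

QUERY_RE = re.compile(
    r"^(?P<day>\d{2}-\w{3}-\d{4}) (?P<hm>\d{2}:\d{2}):\d{2}\.\d{3} "
    r"queries: (?:\w+: )?client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def parse_line(line):
    """Return minute bucket, client, name and type for a query line, else None."""
    m = QUERY_RE.match(line)
    if m is None:
        return None
    return {"minute": f"{m['day']} {m['hm']}", "client": m["ip"],
            "name": m["name"], "type": m["type"]}

def tally(lines):
    """Count query types per minute and queries per client; count unparsed lines."""
    per_minute = defaultdict(Counter)
    clients = Counter()
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # not a query line, or a layout this regex does not cover
            continue
        per_minute[rec["minute"]][rec["type"]] += 1
        clients[rec["client"]] += 1
    return per_minute, clients, skipped

if __name__ == "__main__":
    per_minute, clients, skipped = tally(SAMPLE_LOG.splitlines())
    for minute in sorted(per_minute):
        print(minute, dict(per_minute[minute]))
    print("top clients:", clients.most_common(3))
    print("lines not recognised as queries:", skipped)
```

To run it against the real log, pass the open file /var/log/named/bind-queries.log to tally instead of the sample; a high skipped count means the log layout differs from the one assumed here.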

Configuring bindgraph

1.- Edit the bindgraph settings to set the correct query log file:

# vi /etc/default/bindgraph
DNS_LOG=/var/log/named/bind-queries.log

2.- Edit the apache settings so that the statistics can be accessed only from the internal network:

# vi /etc/apache2/sites-enabled/000-default
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from 192.168.1.0/24
</Directory>

3.- Restart bindgraph service and apache:

# service bindgraph restart
# service apache2 restart

4.- Now we can access our statistics from the link: http://your-ip-address/cgi-bin/bindgraph.cgi


3 thoughts on “Monitoring DNS queries with bindgraph”

  • November 5, 2012 at 04:29

    Trying to figure this out… does “query log” need to be set to on? as in “rndc querylog on” or what? My testing seems to show that if it’s off… well, you get no logs. :-)

    Unless I’m missing something. I followed the exact steps above.

    • November 5, 2012 at 17:50

      Hey Taco!! Yes, the query log is needed to configure bindgraph; the queries to graph are provided by this log file. When you configure the logging for bind, you only have to restart the bind service for the new config to take effect. Can you check if the log file is created and the queries are output to this file? If nothing shows, it is possible that the user bind doesn’t have the correct permissions to write to the log file; in this post I used the directory /var/log/named.
