bind log output and cache control with rndc

■Existing DNS setup

 DNS installed on two squeeze virtual machines
 http://d.hatena.ne.jp/labunix/20120404

■Check the version

$ /usr/sbin/named -v
BIND 9.7.3

■Log nsupdate changes and zone loads
 The "lame-servers" category (reports of lame delegations, most of them triggered by reverse lookups) is sent to null and discarded.
 See "man named.conf" for details.

$ id bind
uid=111(bind) gid=116(bind) groups=116(bind)
$ sudo cp -pi /etc/bind/named.conf.options /etc/bind/named.conf.options.`date '+%Y%m%d'`
$ sudo mkdir /var/log/bind
$ sudo chown bind:bind /var/log/bind/
$ sudo diff --left-column /etc/bind/named.conf.options /etc/bind/named.conf.options.20120502 | sed s/"^< "//g
16a17
>
20,35d20

logging {
        channel "default-log" {
                file "/var/log/bind/bind.log" versions 10 size 100k;
                severity info;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category default { "default-log"; };
        category lame-servers { null; };
};
$ sudo named-checkconf && sudo /etc/init.d/bind9 restart
Stopping domain name service...: bind9 waiting for pid 2808 to die.
Starting domain name service...: bind9.

$ sudo tail -f /var/log/bind/bind.log
02-May-2012 23:02:28.476 general: info: zone 127.in-addr.arpa/IN: loaded serial 1
...
03-May-2012 00:41:22.520 update: info: client 127.0.0.1#1238: updating zone 'localdomain/IN': adding an RR at 'mail.localdomain' CNAME
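The channel above prefixes every line with time, category and severity, which makes bind.log easy to summarize with awk. The script below is an added example and not part of the original post: it reports every rndc control-channel command and every dynamic update, and flags updates from clients outside an allowed list. The sample lines are constructed from the ones shown in this post (including the "received control channel command" lines that appear once rndc is used further down), plus one hypothetical update from 192.0.2.10 to exercise the alert path.

```shell
# Added example, not from the original post. Sample log constructed from the
# lines in the post plus one hypothetical remote update (192.0.2.10).
sample_log() {
cat <<'EOF'
02-May-2012 23:02:28.476 general: info: zone 127.in-addr.arpa/IN: loaded serial 1
03-May-2012 00:41:22.520 update: info: client 127.0.0.1#1238: updating zone 'localdomain/IN': adding an RR at 'mail.localdomain' CNAME
03-May-2012 01:30:58.939 general: info: received control channel command 'reconfig'
03-May-2012 01:45:06.985 general: info: received control channel command 'flush'
03-May-2012 01:50:12.001 update: info: client 192.0.2.10#40123: updating zone 'localdomain/IN': deleting rrset at 'www.localdomain' A
EOF
}

# Usage: bind_log_report "ip1 ip2 ..." < /var/log/bind/bind.log
# With print-time/print-category/print-severity on, the fields are:
# $1 date, $2 time, $3 category, $4 severity, then the message text.
# Prints one line per rndc command and per dynamic update; an update whose
# client address is not in the allowed list is marked ALERT.
bind_log_report() {
  awk -v allowed="${1:-127.0.0.1}" -v q="'" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $3 == "update:" && $5 == "client" {
      ip = $6; sub(/#.*/, "", ip)                        # drop #port: suffix
      zone = $9; gsub(q, "", zone); sub(/:$/, "", zone)  # strip quotes, colon
      status = (ip in ok) ? "ok" : "ALERT"
      print "update", ip, zone, status
    }
    $3 == "general:" && index($0, "received control channel command") {
      cmd = $NF; gsub(q, "", cmd)                         # last field is the command
      print "rndc", cmd
    }'
}

sample_log | bind_log_report 127.0.0.1
```

On this setup only the local nsupdate client should ever appear in update lines, so anything else in the ALERT column is worth a look; the same function works on a real bind.log because the field positions are fixed by the channel's print-* options.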

■Set up "rndckey"

$ sudo cp -pi /etc/bind/named.conf.options /etc/bind/named.conf.norndckey
$ sudo -u bind /usr/sbin/rndc-confgen -a -b 512 -k rndckey

$ head -4 /etc/bind/named.conf.options
Controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/bind/rndc.key";

$ sudo named-checkconf && sudo /etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
 waiting for pid 3540 to die.
Starting domain name service...: bind9.

 The "stop" half fails because rndc-confgen -a has just overwritten /etc/bind/rndc.key: rndc stop is sent with the new secret while the running named still holds the old one, so the init script falls back to waiting for the process to die. Once named comes back up with the new key the control channel works, as the reload below shows.

$ whereis rndc
rndc: /usr/sbin/rndc /usr/share/man/man8/rndc.8.gz
$ sudo /usr/sbin/rndc -V -s 127.0.0.1 reload
server reload successful
$ sudo netstat -an --program | grep "\:953"
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      5331/named
tcp        0      0 127.0.0.1:46127         127.0.0.1:953           TIME_WAIT   -
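The post only shows the first four lines of named.conf.options; the key file that rndc-confgen wrote is never displayed. The script below is an added example, not from the original post: it builds an equivalent rndc.key and controls stanza by hand into a directory given as an argument (so it can run in a temp directory rather than /etc/bind), and then checks the properties that matter for the control channel: the secret has the requested size (512 bits, as with -b 512), the key file is readable only by its owner, and controls listens on loopback only. hmac-md5 is assumed because that is what rndc-confgen emits on BIND 9.7; the function and file names are this example's own.

```shell
# Added example, not from the original post. Writes $dir/rndc.key and
# $dir/named.conf.controls; hmac-md5 assumed to match rndc-confgen on 9.7.
make_rndc_key() {
  dir="$1" name="$2" bits="${3:-512}"
  # bits/8 random bytes, base64 encoded, as rndc-confgen -b does
  secret=$(head -c $((bits / 8)) /dev/urandom | base64 | tr -d '\n')
  # umask 077 so the file is created 0600, like rndc-confgen -a run as bind
  ( umask 077 && printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
      "$name" "$secret" > "$dir/rndc.key" )
  # controls bound to loopback only, accepting only the key above
  printf 'controls {\n\tinet 127.0.0.1 allow { localhost; } keys { "%s"; };\n};\ninclude "%s/rndc.key";\n' \
      "$name" "$dir" > "$dir/named.conf.controls"
}

# Returns 0 only if the key file is safe to use: mode 0600 and a secret of
# the expected encoded length (base64 of N bytes is 4*ceil(N/3) characters,
# so a 512-bit key is 88 characters).
check_rndc_key() {
  keyfile="$1" bits="${2:-512}"
  mode=$(ls -l "$keyfile" | cut -c1-10)
  [ "$mode" = "-rw-------" ] || { echo "bad mode $mode on $keyfile"; return 1; }
  secret=$(sed -n 's/.*secret "\([^"]*\)".*/\1/p' "$keyfile")
  want=$(( 4 * ((bits / 8 + 2) / 3) ))
  [ ${#secret} -eq "$want" ] || { echo "secret length ${#secret}, want $want"; return 1; }
  return 0
}

dir=$(mktemp -d)
make_rndc_key "$dir" rndckey 512
check_rndc_key "$dir/rndc.key" 512 && echo "ok: $dir/rndc.key"
```

The mode check is the one worth keeping around: anyone who can read rndc.key can send reload, flush, dumpdb and stop to named over 127.0.0.1:953, so the file must stay owned by bind with mode 0600, which is what running rndc-confgen -a as the bind user gives you.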

■Reload the configuration and load newly added zones without restarting bind

 rndc reconfig re-reads named.conf and loads any zones that were added to it, but it does not re-read the files of zones that are already loaded; for a changed zone file use rndc reload (optionally followed by the zone name), as in the reload command above.

$ sudo /usr/sbin/rndc -V reconfig
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
reconfig
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
create message
render message
schedule recv
send message
parse message
create message
render message
schedule recv
send message
parse message

$ sudo tail -f /var/log/bind/bind.log
03-May-2012 01:30:58.939 general: info: received control channel command 'reconfig'
03-May-2012 01:30:58.940 general: info: loading configuration from '/etc/bind/named.conf'
03-May-2012 01:30:58.941 general: info: reading built-in trusted keys from file '/etc/bind/bind.keys'
03-May-2012 01:30:58.942 general: info: using default UDP/IPv4 port range: [1024, 65535]
03-May-2012 01:30:58.942 general: info: using default UDP/IPv6 port range: [1024, 65535]
03-May-2012 01:30:58.956 general: info: reloading configuration succeeded
03-May-2012 01:30:58.959 general: info: any newly configured zones are now loaded

■Dump and flush the cache

 rndc dumpdb writes the cache to named_dump.db in named's working directory (/var/cache/bind on Debian). The $DATE lines are in UTC, which is why they are nine hours behind the JST timestamps in bind.log.

$ nslookup yahoo.co.jp && sudo /usr/sbin/rndc dumpdb && grep -v "^;" /var/cache/bind/named_dump.db
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   yahoo.co.jp
Address: 124.83.187.140
Name:   yahoo.co.jp
Address: 203.216.243.240

$DATE 20120502164409
yahoo.co.jp.            5       IN A    124.83.187.140
                        5       IN A    203.216.243.240
$DATE 20120502164409
$ sudo /usr/sbin/rndc flush && sudo /usr/sbin/rndc dumpdb && grep -v "^;" /var/cache/bind/named_dump.db
$DATE 20120502164509
$DATE 20120502164509

$ sudo tail -f /var/log/bind/bind.log
03-May-2012 01:44:01.091 general: info: dumpdb started
03-May-2012 01:44:01.092 general: info: dumpdb complete
03-May-2012 01:44:09.825 general: info: received control channel command 'dumpdb'
03-May-2012 01:44:09.825 general: info: dumpdb started
03-May-2012 01:44:09.826 general: info: dumpdb complete
03-May-2012 01:45:06.985 general: info: received control channel command 'flush'
03-May-2012 01:45:06.986 general: info: flushing caches in all views succeeded
03-May-2012 01:45:09.341 general: info: received control channel command 'dumpdb'
03-May-2012 01:45:09.341 general: info: dumpdb started
03-May-2012 01:45:09.343 general: info: dumpdb complete
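The grep -v "^;" view of named_dump.db above has one trap: when several records share an owner name, only the first carries the name and the following lines have a blank owner (the second yahoo.co.jp A record), so a grep for a name misses part of the RRset. The script below is an added example, not from the original post: it reads a dump, fills in the inherited owner, and prints one complete "owner ttl class type rdata" line per record, optionally filtered to one owner. The sample dump is constructed from the records in the post plus a hypothetical glue record for ns1.example.net.

```shell
# Added example, not from the original post. Constructed dump: the two
# yahoo.co.jp records from the post plus one hypothetical glue record.
sample_dump() {
cat <<'EOF'
;
; Start view _default
;
;
; Cache dump of view '_default'
;
$DATE 20120502164409
yahoo.co.jp.            5       IN A    124.83.187.140
                        5       IN A    203.216.243.240
ns1.example.net.        86400   IN A    192.0.2.1
;
$DATE 20120502164409
EOF
}

# Usage: cache_records [owner] < /var/cache/bind/named_dump.db
# Skips comment, $DATE and blank lines. A line that starts in column 1
# carries its owner name; an indented line belongs to the previous owner.
# The numeric column is the remaining TTL in seconds at dump time.
cache_records() {
  awk -v want="$1" '
    /^[;$]/ || NF == 0 { next }
    {
      if ($0 ~ /^[^ \t]/) { owner = $1; first = 2 } else { first = 1 }
      if (want != "" && owner != want) next
      line = owner
      for (i = first; i <= NF; i++) line = line " " $i
      print line
    }'
}

sample_dump | cache_records
```

With the owner filled in, `cache_records yahoo.co.jp.` returns both addresses, which is what you want when checking whether a flush actually removed a name or whether a suspicious record has been cached.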