1. Edit /etc/bind/named.conf and add the following line:
include "/etc/bind/named.conf.log";
2. Create /etc/bind/named.conf.log and add the following content:
logging {
    channel bind_log {
        file "/var/log/bind/bind.log" versions 3 size 5m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { bind_log; };
    category update { bind_log; };
    category update-security { bind_log; };
    category security { bind_log; };
    category queries { bind_log; };
    category lame-servers { null; };
};
3. Create the directory for the log file and change its owner:
mkdir /var/log/bind
chown -R bind:bind /var/log/bind
4. Edit /etc/apparmor.d/usr.sbin.named and comment out the following two lines:
/var/log/named/** rw,
/var/log/named/ rw,
Then add the following two lines:
/var/log/bind/** rw,
/var/log/bind/ rw,
5. Restart AppArmor:
/etc/init.d/apparmor restart
6. Restart bind9:
service named restart
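
Once named is writing to /var/log/bind/bind.log, the category and severity prefixes enabled in step 2 make the file easy to triage. The script below is an added example, not part of the original procedure: it counts lines per category and lists clients whose queries or updates were denied. The function names and the sample log lines are constructed for illustration, and the line layout is an assumption based on the print-time, print-category and print-severity settings.

```shell
#!/bin/sh
# Added example: triage of the log written by the bind_log channel.
# Assumed line layout (print-time / print-category / print-severity yes):
#   <date> <time> <category>: <severity>: <message>

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
27-Mar-2024 10:15:02.123 queries: info: client @0x7f8c1c0a3b20 192.0.2.10#53124 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.53)
27-Mar-2024 10:15:02.640 queries: info: client 192.0.2.10#53125 (mail.example.com): query: mail.example.com IN MX + (192.0.2.53)
27-Mar-2024 10:15:03.001 security: info: client @0x7f8c1c0a4c00 198.51.100.7#40211 (example.com): query (cache) 'example.com/A/IN' denied
27-Mar-2024 10:15:04.512 update-security: error: client 198.51.100.7#40212: update 'example.com/IN' denied
27-Mar-2024 10:15:05.900 general: info: reloading configuration succeeded
EOF
}

# Print "category <name> <count>" for every category seen, then
# "denied <ip> <count>" for every client refused in the security or
# update-security categories. Reads the named files, or stdin if none.
bind_log_summary() {
    awk '
    {
        cat = $3; sub(/:$/, "", cat)          # third field is "<category>:"
        cats[cat]++
        ip = ""
        for (i = 5; i < NF; i++) if ($i == "client") {
            ip = $(i + 1)
            if (ip ~ /^@0x/) ip = $(i + 2)    # some versions print an object pointer first
            sub(/#.*/, "", ip)                # drop "#port" and anything after it
            break
        }
        if (ip != "" && (cat == "security" || cat == "update-security") && /denied/)
            denied[ip]++
    }
    END {
        for (c in cats) print "category", c, cats[c]
        for (d in denied) print "denied", d, denied[d]
    }' "$@" | sort
}

# Demo on the constructed sample; on a real server run:
#   bind_log_summary /var/log/bind/bind.log
sample_log | bind_log_summary
```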