Open jiveman opened 4 years ago
I'm under the impression that bind would log to file directly not through syslogd.
I did find another roundabout way of getting logs. The drawback here is that they are not only the RPZ logs that I want but all STDOUT from the bind process documented here.
In entrypoint.sh, redirect output from the named process like so:

    exec $(which named) -u ${BIND_USER} -g -c /etc/bind/named.conf ${EXTRA_ARGS} >> /data/bind/logs/foo.log 2>&1

I also read a bit about docker's logging driver capabilities here.
My goal would be to get specific logs without having to run full systemd + journald, etc., as shown here
I solved it! From my limited understanding of the issue it seems when named is invoked with the -g flag it redirects all logging to stderr. This causes the logging statements (while correct) in the configuration files to be ignored. I simply make it an env variable that I could swap for '-f' (foreground) and bam, I'm in business.
Hi @jiveman I'm interested in your fix (I've the exact same error), please can you detail your workaround step by step ?
26-Apr-2020 09:31:02.528 command channel listening on 127.0.0.1#953
26-Apr-2020 09:31:02.528 not using config file logging statement for logging due to -g option
isc_stdio_open '/var/log/named/named.log' failed: file not found
26-Apr-2020 09:31:02.528 checking logging configuration failed: file not found
26-Apr-2020 09:31:02.528 loading configuration: file not found
26-Apr-2020 09:31:02.528 exiting (due to fatal error)
(I'm using sameersbn/bind:9.11.3-20190706)
EDIT1: using EXTRA_ARGS to put the -f doesn't work (with -g kept)
EDIT2: Rebuilding the docker image without the -g and using EXTRA_ARGS to put the -f doesn't work
I ended up rewriting my own bind container with Alpine as a base OS. However, what I said above still applies. I basically replaced the -g with an env variable like this:
entrypoint.sh

    exec $(which named) -u ${BIND_USER} ${FOREGROUND_FLAG} -c /etc/bind/named.conf ${EXTRA_ARGS}

Then defaulted the FOREGROUND_FLAG env variable to be -f. That way, if I want to troubleshoot with the container logging directly to console, I can easily just add --env 'FOREGROUND_FLAG=-g' to my docker run command. Add the following, also in entrypoint.sh, somewhere near the top where he defines other environment variables:

    FOREGROUND_FLAG=${FOREGROUND_FLAG:--f}

(You will have to rebuild your own container at this point, e.g. docker build -t janedoe/mydnsdocker . )
Here is my personal logging conf, pretty generically taken from ISC's documentation.

    logging {
        // Generic BIND logging
        channel default_log {
            file "/var/log/named/named.log" versions 5 size 5M;
            print-time yes;
            print-category yes;
            print-severity yes;
            severity info;
        };
        //
        // Log routine stuff to simple file log:
        //
        category default { default_log; };
        category config { default_log; };
        category dispatch { default_log; };
        category network { default_log; };
        category general { default_log; };
    };

This should go without saying but, make sure /var/log/named exists and has correct file permissions. :)
Let me know if you have any further questions.
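
An added example, not part of the comment above or of the sameersbn/bind image: entrypoint helpers for the workaround just described, which restrict FOREGROUND_FLAG to the two modes discussed (so the variable cannot carry extra named options) and create the log directory before named starts. The function names and the /var/log/named default are assumptions; BIND_USER, FOREGROUND_FLAG and EXTRA_ARGS are the variables from the thread.

```shell
#!/bin/sh
# Added example: helper functions for an entrypoint.sh (names are hypothetical).

# Accept only the two foreground modes discussed in the thread.
resolve_foreground_flag() {
    case "${1:--f}" in
        -f) printf '%s\n' "-f" ;;  # foreground; logging {} in named.conf is honoured
        -g) printf '%s\n' "-g" ;;  # foreground; all logging forced to stderr
        *)  printf 'unsupported FOREGROUND_FLAG: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Create the directory used by the file channel so named does not exit
# with "isc_stdio_open ... failed: file not found".
prepare_log_dir() {
    dir=$1
    owner=$2
    mkdir -p "$dir" || return 1
    chmod 750 "$dir" || return 1
    # Ownership can only be changed when the entrypoint runs as root.
    if [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$dir" || return 1
    fi
}

# Assemble the named command line; fails if FOREGROUND_FLAG is not -f or -g.
build_named_cmd() {
    flag=$(resolve_foreground_flag "$FOREGROUND_FLAG") || return 1
    printf '%s\n' "named -u ${BIND_USER:-bind} ${flag} -c /etc/bind/named.conf ${EXTRA_ARGS}"
}

# Usage at the end of entrypoint.sh (left commented so the helpers can be sourced):
#   prepare_log_dir /var/log/named "${BIND_USER:-bind}" || exit 1
#   cmd=$(build_named_cmd) || exit 1
#   exec $cmd
```
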
Thank you for your quick reply @jiveman !
I built locally and pushed to Docker Hub a temporary fixed version of the docker image I managed to get working with your instructions. If it can be useful to others, here is the URL: https://hub.docker.com/r/lxc4life/bind
WARNING: it's only a temporary image fix, I hope the maintainer of the base image can do the fix and update his image :), I probably won't update this image again myself
Finally, I used this logging configuration:

    logging {
        channel default_log {
            file "/etc/bind/logs/named.log" versions 5 size 5m;
            severity info;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
        // Log routine stuff to simple file log:
        category default { default_log; };
        category config { default_log; };
        category dispatch { default_log; };
        category network { default_log; };
        category general { default_log; };
    };

(logs inside /etc/bind/logs/named.log to be sure I don't have permissions issue)
First I'd like to thank you for your work on this container. :)
I'm having an issue trying to get logging out of bind via a file. I understand that syslogd is not running within the container, however bind should natively write to an output file as documented here.
I'm sort of new to docker so forgive my ignorance if I've overlooked something obvious. I'm not quite sure how logging seems to operate fine to terminal when run non-daemonized. I just want to capture rpz logs to a file.
Including my simple .conf directives which work outside of docker.
named.conf.local
logging { include "/etc/bind/foo.logging.conf"; };
foo.logging.conf
I notice the logfile does get created, and has correct permissions for bind user.