client Processing of client requests. cname Logs nameservers that are skipped due to them being a CNAME rather than A / AAAA records. config Configuration file parsing and processing. database Messages relating to the databases used internally by the name server to store zone and cache data. default The default category defines the logging options for those categories where no specific configuration has been defined. delegation-only Delegation only. Logs queries that have been forced to NXDOMAIN as the result of a delegation-only zone or a delegation-only in a forward, hint or stub zone declaration. dispatch Dispatching of incoming packets to the server modules where they are to be processed. dnssec DNSSEC and TSIG protocol processing. dnstap The "dnstap" DNS traffic capture system. edns-disabled Log queries that have been forced to use plain DNS due to timeouts. This is often due to the remote servers not being RFC 1034 compliant (not always returning FORMERR or similar to EDNS queries and other extensions to the DNS when they are not understood). In other words, this is targeted at servers that fail to respond to DNS queries that they don't understand. Note: the log message can also be due to packet loss. Before reporting servers for non-RFC 1034 compliance they should be re-tested to determine the nature of the non-compliance. This testing should prevent or reduce the number of false-positive reports. Note: eventually named will have to stop treating such timeouts as due to RFC 1034 non compliance and start treating it as plain packet loss. Falsely classifying packet loss as due to RFC 1034 non compliance impacts on DNSSEC validation which requires EDNS for the DNSSEC records to be returned. general The catch-all. Many things still aren't classified into categories, and they all end up here. lame-servers Lame servers. These are misconfigurations in remote servers, discovered by BIND 9 when trying to query those servers during resolution. network Network operations. notify The NOTIFY protocol. queries Specify where queries should be logged to. At startup, specifying the category queries will also enable query logging unless querylog option has been specified. The query log entry first reports a client object identifier in @0x<hexadecimal-number> format. Next, it reports the client's IP address and port number, and the query name, class and type. Next, it reports whether the Recursion Desired flag was set (+ if set, - if not set), if the query was signed (S), EDNS was in used along with the EDNS version number (E(#)), if TCP was used (T), if DO (DNSSEC Ok) was set (D), if CD (Checking Disabled) was set (C), if a valid DNS Server COOKIE was received (V), or if a DNS COOKIE option without a valid Server COOKIE was present (K). After this the destination address the query was sent to is reported. client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE (The first part of this log message, showing the client address/port number and query name, is repeated in all subsequent log messages related to the same query.) query-errors Information about queries that resulted in some failure. rate-limit The start, periodic, and final notices of the rate limiting of a stream of responses are logged at info severity in this category. These messages include a hash value of the domain name of the response and the name itself, except when there is insufficient memory to record the name for the final notice The final notice is normally delayed until about one minute after rate limit stops. A lack of memory can hurry the final notice, in which case it starts with an asterisk (*). Various internal events are logged at debug 1 level and higher. Rate limiting of individual requests is logged in the query-errors category. resolver DNS resolution, such as the recursive lookups performed on behalf of clients by a caching name server. rpz Information about errors in response policy zone files, rewritten responses, and at the highest debug levels, mere rewriting attempts. security Approval and denial of requests. spill Logs queries that have been terminated, either by dropping or responding with SERVFAIL, as a result of a fetchlimit quota being exceeded. trust-anchor-telemetry Logs trust-anchor-telemetry requests received by named. unmatched Messages that named was unable to determine the class of or for which there was no matching view. A one line summary is also logged to the client category. This category is best sent to a file or stderr, by default it is sent to the null channel. update Dynamic updates. update-security Approval and denial of update requests. xfer-in Zone transfers the server is receiving. xfer-out Zone transfers the server is sending.