Enable logging of DNS queries in Unbound DNS resolver

In order to enable logging in the Unbound DNS resolver, you have to add the following lines to your /etc/unbound/unbound.conf configuration file:

server:
    chroot: ""
    logfile: /var/log/unbound.log
    verbosity: 1
    log-queries: yes
    ...

Then, create the file and make sure it’s owned by the unbound process:

touch /var/log/unbound.log
chown unbound:unbound /var/log/unbound.log

Finally, restart Unbound:

/etc/init.d/unbound restart

Now you should be able to see the log:

tail -f /var/log/unbound.log
[1553775590] unbound[32655:0] info: 127.0.0.1 googlemail.l.google.com. A IN
[1553775609] unbound[32655:0] info: 127.0.0.1 acp-ss-ew1.adobe.io. A IN
[1553775695] unbound[32655:0] info: 127.0.0.1 clients4.google.com. A IN
...

The reason you have to add chroot: "" is because by default unbound runs in a chroot and can’t write to /var/log.

This post was tested on OpenWRT.

Linux

Permalink: https://snippets.khromov.se/enable-logging-of-dns-queries-in-unbound-dns-resolver/

Author

Stanislav Khromov

Web Developer at Aftonbladet (Schibsted Media Group)
Any opinions on this blog are my own and do not reflect the views of my employer.
LinkedIn
Twitter
WordPress.org Profile
Visit my other blog

Comments 2

Posted on 04/08/2020

James

Reply Author

Thanks this was helpful!
Posted on 26/06/2021

Chris

Reply Author

Thx! I tried a lot of other stuff … ;-)

Welcome!

Latest posts from my personal blog

Most viewed posts

Subscribe to RSS feed

Enable logging of DNS queries in Unbound DNS resolver

Stanislav Khromov

James

Chris

Cancel Reply

Welcome!

Latest posts from my personal blog

Most viewed posts

Subscribe to RSS feed

Enable logging of DNS queries in Unbound DNS resolver

Related posts

Stanislav Khromov

James

Chris

Cancel Reply