Problem

The BIND DNS server logs through syslog by default, and the zone check that runs before the service starts prints the names of the loaded zones to the journal, so the domain names hosted on the server end up in /var/log/messages. Domain names are treated as personal data under GDPR, and a customer can request that they no longer be recorded there.

Resolution

Switch off BIND logging. Note that this silences every BIND message, not only the ones that contain domain names, so operational and security messages from named will no longer appear in /var/log/messages either:

  1. Connect to the node that runs BIND.
  2. Add this block to the end of the /var/named/chroot/etc/named.conf file. A `null` channel for the default category discards every message category that is not explicitly assigned to another channel. If the file already contains a logging statement, add the category line to that statement instead of adding a second one, because named.conf takes a single logging statement:
    logging {
        category default {
                null;
        };
    };
    
  3. In the [Service] section of the /usr/lib/systemd/system/named-chroot.service file, replace the ExecStartPre line with the following. The only change is the trailing `> /dev/null 2>&1`, which keeps the output of `named-checkconf -z` (one line per loaded zone, including its name) out of the journal and therefore out of syslog:
    ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi > /dev/null 2>&1'
    
    This file belongs to the bind package and is overwritten on package update. To make the change survive updates, put the same line in a drop-in file under /etc/systemd/system/named-chroot.service.d/ instead, preceded by an empty `ExecStartPre=` line that clears the packaged value.
  4. Check the configuration, then reload systemd and restart BIND so both changes take effect:
    /usr/sbin/named-checkconf -t /var/named/chroot /etc/named.conf
    systemctl daemon-reload
    systemctl restart named-chroot
    

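The following script is an added example that is not part of the original article and not shipped with BIND or the bind package. It applies the two changes from the steps above in an idempotent way: it appends the null-logging block only when named.conf has no logging statement yet, and it writes the quiet ExecStartPre as a systemd drop-in rather than editing the packaged unit. The file paths are function parameters so the logic can be exercised on scratch files; the host paths in apply_on_host and the drop-in file name quiet-zone-check.conf are assumptions that match the RHEL-style named-chroot layout the article uses.

```shell
#!/bin/bash
# Added example, not from the original article or the bind package.
# Paths are parameters so the functions can be tried on scratch copies; the
# host paths in apply_on_host are the ones the article uses (assumed layout).
set -eu

# Append the null-logging block to named.conf. Refuses to touch a file that
# already has a logging statement it did not write, because named.conf takes a
# single logging statement and the merge must be done by hand.
disable_bind_logging() {
    local conf="$1"
    if grep -Eq '^[[:space:]]*logging[[:space:]]*\{' "$conf"; then
        if grep -Eq '^[[:space:]]*category[[:space:]]+default' "$conf" \
           && grep -Eq '^[[:space:]]*null;' "$conf"; then
            echo "logging already disabled in $conf"
            return 0
        fi
        echo "$conf already has a logging statement; add 'category default { null; };' to it by hand" >&2
        return 2
    fi
    cat >> "$conf" <<'EOF'

logging {
    category default {
        null;
    };
};
EOF
}

# Write a systemd drop-in that replaces ExecStartPre with the quiet version.
# A drop-in survives package updates, unlike edits to /usr/lib/systemd/system.
# The heredoc delimiter is quoted so $DISABLE_ZONE_CHECKING and $NAMEDCONF are
# written literally for systemd to expand at start time.
write_quiet_execstartpre_dropin() {
    local dropin="$1"
    mkdir -p "$(dirname "$dropin")"
    cat > "$dropin" <<'EOF'
[Service]
# An empty assignment clears the packaged ExecStartPre before it is redefined.
ExecStartPre=
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi > /dev/null 2>&1'
EOF
}

# Apply on the real host. The configuration is validated before the restart so
# a typo in named.conf does not take the resolver down. Drop-in name is assumed.
apply_on_host() {
    disable_bind_logging /var/named/chroot/etc/named.conf
    write_quiet_execstartpre_dropin /etc/systemd/system/named-chroot.service.d/quiet-zone-check.conf
    /usr/sbin/named-checkconf -t /var/named/chroot /etc/named.conf
    systemctl daemon-reload
    systemctl restart named-chroot
}

# Only touch the host when explicitly asked; sourcing the file just defines the
# functions so they can be tested against scratch files first.
if [ "${1:-}" = "--apply" ]; then
    apply_on_host
fi
```

Run it as `bash disable-bind-logging.sh --apply` as root on the BIND node. Because the drop-in clears and redefines ExecStartPre, the packaged unit file is left untouched and `systemctl cat named-chroot` shows both the original line and the override, which makes the change easy to audit and to revert by deleting the drop-in.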
These changes only stop new entries from being written. Domain names already recorded in /var/log/messages and its rotated copies are not affected; if the customer's request covers existing records, remove or rotate those files separately.

If you need to learn more about BIND logging, see the BIND documentation.
