The BIND DNS server writes domain names to log files located in /var/log/messages. However, domain names are considered sensitive information, and to comply with GDPR, it must be removed by a customer's request.


Switch off BIND logging:

  1. Connect to the node that runs BIND.
  2. Add this code block to the end of the /var/named/chroot/etc/named.conf file:
    logging {
        category default {
  3. Replace the contents of the section "Service.ExecStartPre" in the /usr/lib/systemd/system/named-chroot.service file with the following:
    ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi > /dev/null 2>&1'

If you need to learn more about BIND logging, see the BIND documentation.

Internal content