If you need to debug, or for any other reason need to log all queries your DNS server gets, you can turn logging on.

We will use rndc to achieve this goal.

First we need to configure both rndc and bind.

Fortunately rndc comes with a handy tool that teaches us how to configure both rndc and bind easily. Run:

rndc-confgen

The output should look like this:

# Start of rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "t1cM8rHmLecMSu2SxbzI5w==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#       algorithm hmac-md5;
#       secret "t1cM8rHmLecMSu2SxbzI5w==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf

So be sure to edit /etc/rndc.conf and make it look like this (using the secret from your own rndc-confgen output, not the sample value shown here):

# Start of rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "t1cM8rHmLecMSu2SxbzI5w==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

and also edit your /etc/bind.conf or /etc/named.conf, depending on your distro, and add these lines to the top of the file:

key "rndckey" {
      algorithm hmac-md5;
      secret "t1cM8rHmLecMSu2SxbzI5w==";
};
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndckey"; };
};

Be sure to edit the allow list according to your needs; it restricts which hosts may reach the control channel.

Also, if there is a line like this

include rndckey

Remove it.

Now you can enable logging on the DNS server; run this:

rndc querylog -s 127.0.0.1 -V

That will start the logging; to stop it, just run the same command again.

The logs are stored in /var/log/messages, and you can use tail -f to view the DNS query logs as they come in.
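To make sense of what lands in /var/log/messages once query logging is on, here is an added example (not part of the original post) that summarises the query log with plain sh, awk, sort and uniq. The log lines are constructed samples in the format named writes ("client <ip>#<port> (<name>): query: <name> IN <type> <flags>"), covering both the plain and the "@0x..." client-prefix variants seen across BIND 9 releases.

```shell
#!/bin/sh
# Constructed sample of query-log lines as they appear in /var/log/messages
# (syslog prefix, then named's message). The last line is not a query and
# must be ignored by the parser.
SAMPLE_LOG='Mar 10 12:00:01 ns1 named[1234]: client 192.0.2.10#53223 (example.com): query: example.com IN A + (192.0.2.1)
Mar 10 12:00:02 ns1 named[1234]: client 192.0.2.10#53224 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
Mar 10 12:00:02 ns1 named[1234]: client @0x7f3c0c0a1e60 192.0.2.77#40001 (example.com): query: example.com IN ANY +E(0) (192.0.2.1)
Mar 10 12:00:03 ns1 named[1234]: client @0x7f3c0c0a1e60 192.0.2.77#40002 (example.com): query: example.com IN ANY +E(0) (192.0.2.1)
Mar 10 12:00:03 ns1 named[1234]: client @0x7f3c0c0a1e60 192.0.2.77#40003 (example.org): query: example.org IN ANY +E(0) (192.0.2.1)
Mar 10 12:00:04 ns1 named[1234]: received control channel command querylog'

# Turn each query line on stdin into "client qname qtype"; lines without a
# "query:" field (control-channel messages, resolver errors) produce nothing.
query_records() {
  awk '{
    for (i = 1; i <= NF; i++) {
      if ($i == "client") {
        c = $(i + 1)
        if (c ~ /^@/) c = $(i + 2)   # skip the "@0x..." handle some releases print
        sub(/#[0-9]+$/, "", c)       # drop the source port
      }
      if ($i == "query:") print c, $(i + 1), $(i + 3)
    }
  }'
}

# Queries per client, most active first: "count client".
queries_per_client() {
  query_records | awk '{ print $1 }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Clients that sent more than THRESHOLD (default 2) queries of one type,
# e.g. a burst of ANY queries worth a closer look: "count client qtype".
busy_clients_by_type() {
  threshold=${1:-2}
  query_records | awk '{ print $1, $3 }' | sort | uniq -c \
    | awk -v t="$threshold" '$1 > t { print $1, $2, $3 }'
}

# Typical use on a live server (not run here):
#   tail -f /var/log/messages | query_records
#   grep ' query: ' /var/log/messages | queries_per_client | head
```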