Logging Response Results

Phil Mayers p.mayers at imperial.ac.uk
Thu Jun 23 20:58:37 UTC 2011


On 06/23/2011 09:27 PM, Stefan Certic wrote:
> Thanks Chuck
>
> Yes, that would be a solution, but I need logs processed through syslog and
> stored into database (matching the initial query from query log).
>
> Parsing tcpdump is not going to be suitable for a highly loaded system. I was
> more looking for a solution to log responses the same way queries are logged.

The problem is that queries and responses are not the same type of 
thing. A query contains a single question, and is usually relatively 
small. A response can contain multiple answers, and multiple types of 
answer, and with DNSSEC they can get big.

There's no inherent reason parsing tcpdump needs to be slow. It's 
written in C.

Anyway: bind itself cannot log answers. You will need to patch the 
source if you want this.
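
The difference described above, as an added example that is not part of the original post or of BIND: a minimal Python parser that turns one DNS response message (the payload a packet capture would provide) into a single log line carrying the query ID, the question and every answer record. The function names and the sample packet are constructed for illustration; it assumes one question per message and decodes only A, AAAA, NS and CNAME rdata.

```python
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 28: "AAAA"}  # subset; others print as numbers

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # 2-byte pointer to a name elsewhere in the message
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        off += 1
        if n == 0:  # root label ends the name
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def response_log_line(msg):
    """One line per response: ID and question, then every answer record."""
    qid, flags, _qdcount, ancount = struct.unpack_from("!4H", msg, 0)
    qname, off = read_name(msg, 12)  # assumption: exactly one question
    qtype = struct.unpack_from("!H", msg, off)[0]
    off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        if (rtype, rdlen) in ((1, 4), (28, 16)):
            value = str(ipaddress.ip_address(rdata))
        elif rtype in (2, 5):  # rdata is itself a compressed name
            value = read_name(msg, off)[0]
        else:
            value = rdata.hex()  # undecoded types are logged as hex
        answers.append(f"{name} {ttl} {TYPES.get(rtype, rtype)} {value}")
        off += rdlen
    return (f"id={qid} rcode={flags & 0xF} q={qname}/{TYPES.get(qtype, qtype)} "
            f"answers=[{'; '.join(answers)}]")

# Constructed sample: response to "www.example.com A" holding a CNAME and an A record.
SAMPLE = (struct.pack("!6H", 0x1A2B, 0x8180, 1, 2, 0, 0)
          + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 6) + b"\x03web\xc0\x10"
          + b"\xc0\x2d" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

The returned string can be handed to `syslog.syslog()`; a truncated message raises `IndexError` or `struct.error`, which a caller should catch and count rather than log as an answer.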


