Logging Response Results
dufberg at telia.net
Sat Jun 25 23:02:05 UTC 2011
The .SE Registry has created a solution that stores queries and answers.
PacketQ (replaces DNS2DB)
PacketQ is a tool for analyzing PCAP-data, it can work with any packets
but is designed primarily for DNS and ICMP-traffic. PacketQ reads,
filters and groups the packets read from the PCAP-files using standard
SQL-queries. The tool is built in C for performance and portability. The
distribution also includes a simple interactive GUI for analyzing the
Stefan Certic wrote 2011-06-23 22:27:
> Thanks Chuck
> Yes, that would be a solution, but I need logs processed through syslog and
> stored into database (matching the initial query from query log).
> Parsing tcpdump is not going to be suitable for highly loaded system. I was
> more looking for a solution to log responses the same way queries are logged.
> On Thursday, June 23, 2011 09:44:46 pm Chuck Swiger wrote:
>> On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote:
>>> Does anyone have idea on following... Apart from bind9 query log, is it
>>> possible to log response returned to client?
>> Sure: use tcpdump, wireshark, or another network sniffer of your choice and
>> observe DNS responses to the clients you're interested in. (Whether this
>> is better than using query logging is another question entirely.)
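The thread asks for response logging that is matched back to the original query, the way query logging already works. As an added example (not PacketQ and not code from anyone in the thread), here is a Python sketch that parses DNS messages from raw UDP payloads, pairs each response with its pending query on (client, transaction ID, qname) and emits one syslog-style line per response. The two sample messages are constructed; obtaining the payloads (from a PCAP or a live capture) is assumed and not shown.

```python
import struct
def read_name(pkt, off):
    """Decode a (possibly compressed) DNS name at off; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):               # bound the walk against pointer loops
        length = pkt[off]
        if (length & 0xC0) == 0xC0:    # 2-byte compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def parse_dns(pkt):
    """Parse the header, the first question and any A-record answers."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = read_name(pkt, 12)
    off += 4                           # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        _, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record: dotted-quad rdata
            answers.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return {"id": txid, "response": bool(flags & 0x8000), "rcode": flags & 0xF, "qname": qname, "answers": answers}

def log_pairs(packets):
    """Match responses to queries on (client, txid, qname); one log line per response."""
    pending, lines = {}, []
    for client, pkt in packets:
        m = parse_dns(pkt)
        key = (client, m["id"], m["qname"])
        if not m["response"]:
            pending[key] = m           # remember the query until its answer arrives
        elif pending.pop(key, None) is None:
            lines.append(f"unmatched response {client} id={m['id']} {m['qname']}")
        else:
            lines.append(f"response {client} id={m['id']} {m['qname']} "
                         f"rcode={m['rcode']} answers={','.join(m['answers']) or '-'}")
    return lines

# Constructed sample: query for www.example.com (id 0x1a2b) and its A answer 192.0.2.1
QUERY = bytes.fromhex("1a2b0100000100000000000003777777076578616d706c6503636f6d0000010001")
RESP = bytes.fromhex("1a2b8180000100010000000003777777076578616d706c6503636f6d0000010001"
                     "c00c000100010000003c0004c0000201")
```

A response with no pending query (spoofed, delayed, or captured after the log started) is written as "unmatched", which is exactly the condition a query log alone cannot show.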