BIND and Windows DNS logging and archiving
Mick Lee
lmick5455 at gmail.com
Sun Jul 23 14:16:41 UTC 2017
Thanks Phil,
You are right it's not a BIND issue :)
I am a BIND user myself, and I was wondering how other BIND users have
copied when they've had to deal with Windows DNS servers like this.
I appreciate any response to be honest.
I have a colleague who has said he has a parts of a PCAP to BIND query log
agent that runs on UNIX platforms, and he is happy to port that to Windows
for me - he's actually working on it now (for a few beers :) ).
Basically it just listens on port 53 and streams the data over TCP syslog,
i.e. doesn't write to disk but queues in memory with a limit. It also logs
responses for certain record types which is nice.
I'll give that a try, sounds like it will give me query logging formatted
logs, which I can push into pretty much anything :)
Many thanks
Mick
On 23 Jul 2017 3:06 p.m., "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:
On 22/07/2017 07:33, Mick Lee wrote:
> Hi Guys,
>
> Can anyone offer any advice based on their experience?
>
Well, if I understand correctly, your main problem is the windows boxes
running windows DNS, so this is not a bind problem. You might be better
asking elsewhere.
However, honestly I would consider moving the traffic from the windows
boxes elsewhere to somewhere you can log. There are great tools for doing
this but they're all unix-oriented e.g. dnsdist, dnscap.
I guess you could try and get one of those running on a Windows box, but
for the effort involved on about 100 servers, you might as well just spin
up a recursive resolver that you *can* instrument, and point all the boxes
at that.
Regards,
Phil
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170723/5ff5bcb4/attachment.html>
More information about the bind-users
mailing list