BIND and Windows DNS logging and archiving
Phil Mayers
p.mayers at imperial.ac.uk
Sun Jul 23 16:15:30 UTC 2017
On 23/07/2017 15:16, Mick Lee wrote:
> I have a colleague who has said he has a parts of a PCAP to BIND query
> log agent that runs on UNIX platforms, and he is happy to port that to
> Windows for me - he's actually working on it now (for a few beers :) ).
dnscap basically does the same thing. No idea how easy it would be to
run under Windows.
Absent changes to the resolving setup, I think that a capture/tap is
probably your only realistic option.
Depending on your architecture (physical, virtual, topology) the tap
could live on another box, if all you need is to know that server A made
a query for badzone B.
More information about the bind-users
mailing list