getting answers from DNS queries

Gaurav Kansal gaurav.kansal at nic.in
Tue May 3 12:31:08 UTC 2022


Yup. But if the DNS infra is under my control, then definitely the keys (which I have used for encryption) will also be with me. Am I missing something here? 🧐

—
Gaurav Kansal

> On 03-May-2022, at 14:40, Petr Špaček <pspacek at isc.org> wrote:
> 
> On 03. 05. 22 10:56, Gaurav Kansal wrote:
>> Or if you are ready to take some pain, then take the mirror from the network side, parse the packets and you can achieve whatever you want to do, build beautiful graphs, have reports and what not.
>> This will also help in reducing the load on your DNS node by disabling the logging completely and you can achieve high QPS.
>> One such tool which can do all for you is dnsmonster - https://github.com/mosajjal/dnsmonster. Just send mirror traffic to this and it will do everything for you.
> The major problem with packet mirroring and parsing is that it is unusable for encrypted transports. For that very reason I think dnstap is the way to go.
> 
> -- 
> Petr Špaček




