Logging Response Results
Kevin Darcy
kcd at chrysler.com
Thu Jun 23 20:55:42 UTC 2011
On 6/23/2011 4:27 PM, Stefan Certic wrote:
> Thanks Chuck
>
> Yes, that would be a solution, but i need logs processed through syslog and
> stored into database (matching the initial query from query log).
>
> Pharsing tcpdump is not going to be suitable for highly loaded system. I was
> more looking for a solution to log responses same way queryes are logged.
>
> Regards,
>
> On Thursday, June 23, 2011 09:44:46 pm Chuck Swiger wrote:
>> On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote:
>>> Does anyone have idea on following... Apart from bind9 query log, is it
>>> possible to log response returned to client?
>> Sure: use tcpdump, wireshark, or another network sniffer of your choice and
>> observe DNS responses to the clients you're interested in. (Whether this
>> is better than using query logging is another question entirely.)
>>
The parsing can be done off-line.
Depending on your LAN structure, you might be able to capture the
packets off-box as well.
- Kevin
More information about the bind-users
mailing list