Need help on DNS reporter
Warren Kumari
warren at kumari.net
Sun Mar 20 14:40:00 UTC 2011
Enable query logging, then:
cat queries.log | grep 'query: example.com' | awk '{print $6}' | sed 's/#.*//' | sort -n | uniq -c | sort -rn | head -100 | more
or something similar?
W
On Mar 20, 2011, at 10:09 AM, babu dheen wrote:
> Hi,
>
> I am getting below status on this command.. Only internal DNS servers are allowed to query our gateway DNS server as client.
>
> number of zones: 12
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is ON
> recursive clients: 1/1000
> tcp clients: 0/100
> server is up and running
>
>
> --- On Sun, 20/3/11, terry <terry at list.dnsbed.com> wrote:
>
> From: terry <terry at list.dnsbed.com>
> Subject: Re: Need help on DNS reporter
> To: "babu dheen" <babudheen at yahoo.co.in>
> Cc: bind-users at lists.isc.org
> Date: Sunday, 20 March, 2011, 12:42 PM
>
> How will "rndc status" take something good for you?
>
>
>
> 2011/3/20 babu dheen <babudheen at yahoo.co.in>
> Hi,
>
> Can anyone let me know is there any open source software available to generate report for DNS service based on DNS BIND query logs.
>
> We have BIND DNS running RHEL 5.0. Would like to generate report based on its logs so that we can identify list of clients quering external domains and its query count.
>
> Many clients in our company infected with malware which thus send unnecessary query to remote external domain (non available domain). So if we have any software which can generate the report from DNS BIND logs, will be very helpful.
>
>
> Regards
> Babu
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> www.DNSbed.com
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list