On 06/23/2011 09:27 PM, Stefan Certic wrote:
Thanks Chuck
Yes, that would be a solution, but i need logs processed through syslog and
stored into database (matching the initial query from query log).
Pharsing tcpdump is not going to be suitable for highly loaded system. I was
more looking for a solution to log responses same way queryes are logged.
The problem is that queries and responses are not the same type of
thing. A query contains a single question, and is usually relatively
small. A response can contain multiple answers, and multiple types of
answer, and with DNSSEC they can get big.
There's no inherent reason parsing tcpdump needs to be slow. It's
written in C.
Anyway: bind itself cannot log answers. You will need to patch the
source if you want this.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
