The .SE Registry has created a solution that stores queries and answers.

<QUOTE>

PacketQ (replaces DNS2DB)

PacketQ is a tool for analyzing PCAP-data, it can work with any packets but is designed primarily for DNS and ICMP-traffic. PacketQ reads, filters and groups the packets read from the PCAP-files using standard SQL-queries. The tool is built in C for performance and portability. The distribution also includes a simple interactive GUI for analyzing the collected data.

http://github.com/dotse/packetq

</QUOTE>


Stefan Certic wrote 2011-06-23 22:27:
Thanks Chuck

Yes, that would be a solution, but I need logs processed through syslog and
stored into database (matching the initial query from query log).

Parsing tcpdump is not going to be suitable for a highly loaded system. I was
more looking for a solution to log responses the same way queries are logged.

Regards,

On Thursday, June 23, 2011 09:44:46 pm Chuck Swiger wrote:
On Jun 23, 2011, at 12:16 PM, Stefan Certic wrote:
Does anyone have an idea on the following... Apart from bind9 query log, is it
possible to log response returned to client?

Sure: use tcpdump, wireshark, or another network sniffer of your choice and
observe DNS responses to the clients you're interested in.  (Whether this
is better than using query logging is another question entirely.)

Regards,
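
What the thread asks for, a response record tied back to the query that caused it, as an added example that is not from any poster or from PacketQ: it pairs DNS messages by client, transaction ID and question. The function names, the `build` helper and the sample packets are constructed for illustration, and reading the packets from a capture is assumed to happen elsewhere.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_dns(msg):
    """Parse the fixed header and first question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    labels, pos = [], 12
    while True:
        if qdcount < 1 or pos >= len(msg) or msg[pos] & 0xC0:
            raise ValueError("missing, truncated or compressed question")
        n = msg[pos]
        pos += 1 + n
        if n == 0:
            break
        labels.append(msg[pos - n:pos].decode("ascii", "replace").lower())
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return {"id": txid, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "ancount": ancount, "qname": ".".join(labels) + ".",
            "qtype": struct.unpack("!H", msg[pos:pos + 2])[0]}

def pair(packets):
    """(client, payload) in capture order -> (records, stray, unanswered)."""
    pending, records, stray = {}, [], []
    for client, payload in packets:
        m = parse_dns(payload)
        key = (client, m["id"], m["qname"], m["qtype"])
        if not m["response"]:
            pending[key] = m
        elif pending.pop(key, None):
            records.append((client, m["qname"], RCODES.get(m["rcode"], "?"), m["ancount"]))
        else:
            stray.append(key)  # response with no query seen: worth alerting on
    return records, stray, list(pending)

def build(txid, flags, qname, ancount=0):  # constructed message, answer RRs omitted
    q = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    return struct.pack("!6H", txid, flags, 1, ancount, 0, 0) + q + struct.pack("!2H", 1, 1)

SAMPLE = [  # constructed traffic using documentation addresses and names
    ("192.0.2.10", build(0x1A2B, 0x0100, "www.example.com")),
    ("192.0.2.10", build(0x1A2B, 0x8180, "WWW.example.com", ancount=1)),
    ("192.0.2.11", build(7, 0x0100, "nope.example.com")),
    ("192.0.2.11", build(7, 0x8183, "nope.example.com")),
    ("192.0.2.12", build(9, 0x8180, "stray.example.com", ancount=1)),
    ("192.0.2.13", build(11, 0x0100, "lost.example.com")),
]
```

`pair(SAMPLE)` returns the matched records plus two lists a logger would also want to keep: responses that arrived without a query and queries that never got an answer.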


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list
