On Fri, 4 Jul 2014 18:00:48 +0700 Roland Dobbins <[email protected]> wrote:
> I know that some DNS operators disable logging of queries/responses
> due to the overhead of doing so - are most folks on this list with
> large-scale DNS recursive and/or authoritative DNS infrastructure
> disabling logging, enabling it, and/or logging queries/responses
> out-of-band via packet-capture taps, databases, etc.?

I've done all of the above. I like to think I was one of the earlier adopters of enabling query logging at two reasonably large .edu institutions, which are still enabled as far as I know. This was for both authoritative and recursive, but recursive query logs were generally more interesting and useful to me at the time.

I know a handful of folks who avoided doing query logging and continue to, based on the assumption that it is too resource intensive, which may be true for some, but is not universally true and less true than I think many people realize.

I had found syslog-ng was a much better alternative daemon on both the logging client and collector for a variety of reasons. On the client, I had found it to require less of the CPU than the stock syslog daemon at the time (Linux and Solaris systems).

pcap-based solutions have been helpful for passive DNS style projects, which tend not to be strictly for network operations, but more research and insight oriented tasks.

John
