Hi Robin,

Robin-Vossen wrote:
Hello,
I wonder if there is a way to log all DNS requests that go out of our network
with Squid.
Since I noticed that we had a Trojan Horse on our Company Network.
And well, it didn't send the data out itself.
It did send DNS Queries to their DNS Server.
And a Firewall doesn't detect that.
Is there a way to Log the DNS Queries with Squid so I can Monitor that
myself?

Are you running Squid transparently? As Thomas pointed out, Squid does not see DNS queries on your network. That's the job of your DNS servers and your gateway firewall.

You can only log the DNS queries that your Squid box actually makes to your DNS servers.

You can use the following option in your squid.conf:

dns_nameservers IP.OF.YOUR.DNSSERVER

One way is to run a local DNS caching name server on the Squid box itself and point your client machines to this caching name server, which then forwards the DNS requests to your actual DNS servers.

Probably the better way is to block the unwanted DNS queries on your DNS servers or gateway firewall.

Just curious, which Trojan Horse did you detect in your network? When you say that your firewall does not detect them, do you mean a firewall running on your clients' machines or on your Gateway firewall itself?

Thanking you...



Thanks a lot.
Cheers,
Robin


--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com
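
Added example, not part of the original message: one way to review the query log of the local caching name server suggested above for clients that look like they are carrying data in DNS names. It assumes the caching server is dnsmasq with log-queries enabled (the thread does not name a server); the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# dnsmasq "log-queries" line: "... dnsmasq[pid]: query[TYPE] name from client"
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)")

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 09:00:01 gw dnsmasq[812]: query[A] www.example.org from 192.0.2.10
Jan 10 09:00:01 gw dnsmasq[812]: forwarded www.example.org to 192.0.2.53
Jan 10 09:00:02 gw dnsmasq[812]: query[A] mail.example.org from 192.0.2.10
Jan 10 09:00:05 gw dnsmasq[812]: query[TXT] 9f3c1a7e5b2d8046.s1.example.com from 192.0.2.23
Jan 10 09:00:05 gw dnsmasq[812]: query[TXT] 0b7d4e91c3a85f26.s2.example.com from 192.0.2.23
Jan 10 09:00:06 gw dnsmasq[812]: query[TXT] e2a6490d7c1f3b58.s3.example.com from 192.0.2.23
Jan 10 09:00:06 gw dnsmasq[812]: query[TXT] 5d81f0c7a3e94b62.s4.example.com from 192.0.2.23
"""

def parse(lines):
    """Yield (client, qtype, name) for each query line; skip everything else."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            qtype, name, client = m.groups()
            yield client, qtype, name.lower().rstrip(".")

def suspicious_clients(lines, max_unique=3, max_label=40):
    """Flag (client, parent domain) pairs with many distinct subdomains
    or very long labels, both common signs of data carried in DNS names."""
    seen = defaultdict(set)
    for client, _qtype, name in parse(lines):
        labels = name.split(".")
        if len(labels) < 3:
            continue  # no subdomain part to inspect
        # Naive parent: last two labels (ignores public-suffix rules).
        seen[(client, ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    findings = {}
    for key, subs in seen.items():
        longest = max(len(label) for s in subs for label in s.split("."))
        if len(subs) > max_unique or longest > max_label:
            findings[key] = {"unique_subdomains": len(subs), "longest_label": longest}
    return findings

if __name__ == "__main__":
    for (client, domain), info in suspicious_clients(SAMPLE_LOG.splitlines()).items():
        print(client, domain, info)
```

The thresholds are illustrative defaults and need tuning against normal traffic, since CDNs and mail services also generate many distinct subdomains.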
