Re: [Samba] DNS logging for TLD queries?
- Date: Tue, 2 Jan 2018 10:25:30 -0500
- From: lingpanda101 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] DNS logging for TLD queries?
On 1/2/2018 2:50 AM, Denis Cardon wrote:
>> Is it possible to filter DNS queries for specific TLDs using the
>> internal logging system? My IPS/IDS alerts me when a suspicious TLD is
>> being queried. However I'm only able to see the DC as the source.
>> Ubuntu 14.04 Samba 4.7.3.
>
> First you should really upgrade to 4.7.4 (see recent changelog)
> Second, if you are not using Bind DLZ, you should set it up, it works
> much better than the internal DNS engine.
> And third it is then just a matter of configuring Bind properly, you
> can check our wiki at the following address (yeah, it's in French, but
> it shouldn't be too much of a hassle for your favorite translation tool):
> Actually we had exactly the same question from a client a few months
> Cheers, and happy new year 2018!

I was trying to avoid Bind but will give it a go as I do require
more insight into DNS.
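
Once the DC's DNS is served by BIND with the `queries` logging category enabled, the per-client detail the IDS cannot see is in the query log. The following is an added example, not code from this thread or from the Samba project, that reports which clients asked for names under watched TLDs; the log line layout, the watch list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of a BIND 9 "queries" category log line; newer releases
# insert an "@0x..." token after "client", which the pattern tolerates.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query: \S+ (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Hypothetical watch list; replace with the TLDs your IDS/IPS flags.
SUSPICIOUS_TLDS = {"xyz", "top"}

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
02-Jan-2018 10:01:12.101 queries: info: client 192.168.10.21#53211 (dc1.samdom.example.com): query: dc1.samdom.example.com IN A + (192.168.10.5)
02-Jan-2018 10:01:13.554 queries: info: client 192.168.10.37#49822 (update.badhost.XYZ): query: update.badhost.XYZ IN A + (192.168.10.5)
02-Jan-2018 10:01:14.020 queries: info: client @0x7f3c9c0a1b20 192.168.10.37#49823 (cdn.tracker.top): query: cdn.tracker.top IN AAAA + (192.168.10.5)
02-Jan-2018 10:01:15.300 queries: info: client 192.168.10.44#60110 (_ldap._tcp.samdom.example.com): query: _ldap._tcp.samdom.example.com IN SRV + (192.168.10.5)
02-Jan-2018 10:01:16.000 general: info: zone samdom.example.com/IN: loaded serial 42
"""

def tld_of(qname):
    """Return the lower-cased last label of a query name ('' for the root)."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1]

def suspicious_clients(log_text, tlds=SUSPICIOUS_TLDS):
    """Map client IP -> sorted list of (qname, qtype) under a watched TLD."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (e.g. zone load messages)
        if tld_of(m.group("qname")) in tlds:
            name = m.group("qname").rstrip(".").lower()
            hits[m.group("ip")].add((name, m.group("qtype")))
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    for ip, names in suspicious_clients(SAMPLE_LOG).items():
        for qname, qtype in names:
            print(f"{ip} queried {qname} ({qtype})")
```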