Web lists-archives.com

Re: [Samba] DNS logging for TLD queries?




On 1/2/2018 2:50 AM, Denis Cardon wrote:
Hi LingPanda101,


    Is it possible to filter DNS queries for specific TLD's using the
internal logging system? My IPS/IDS alerts me when a suspicious TLD is
being queried. However I'm only able to see the DC as the source.  Thanks.

Ubuntu 14.04 Samba 4.7.3.

First you should really upgrade to 4.7.4 (see recent changelog)

Second, if you are not using Bind DLZ, you should set it up, it works much better than the internal DNS engine.

And third it is then just a matter of configuring Bind properly, you can check our wiki at the following address (yeah, it's in French, but it shouldn't be too much of a hassle for your favorite translation tool):

https://dev.tranquil.it/wiki/SAMBA_-_Audit_requetes_DNS_et_logs_Bind9

Actually we had exactly the same question from a client a few month ago...

Cheers, and happy new year 2018!

Denis




Thanks Denis.

    I was trying to avoid Bind but will give it a go as I do require more insight into DNS.

--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba