Re: [Samba] DNS logging for TLD queries?
- Date: Tue, 2 Jan 2018 16:53:25 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] DNS logging for TLD queries?
Yes, this is very welcome! Thanks Dennis!!
I've "Debianized" this a bit also.
It now matches the "adm" administrative group that is allowed to read the logs.
if [ ! -d /var/log/bind ]; then
    install -d /var/log/bind -m 0750 -o bind -g adm
fi
if [ ! -e /etc/logrotate.d/bind ]; then  # the *.log pattern below is an assumption
    cat << EOF >> /etc/logrotate.d/bind
/var/log/bind/*.log {
    create 0640 bind adm
    postrotate
        systemctl reload bind9 > /dev/null
    endscript
}
EOF
fi
And configure it as shown on the site.
Greetz and Happy New Year Everybody.
> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of lingpanda101 via samba
> Sent: Tuesday 2 January 2018 16:25
> To: Denis Cardon; samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] DNS logging for TLD queries?
> On 1/2/2018 2:50 AM, Denis Cardon wrote:
> > Hi LingPanda101,
> >> Is it possible to filter DNS queries for specific TLD's using the
> >> internal logging system? My IPS/IDS alerts me when a suspicious TLD is
> >> being queried. However I'm only able to see the DC as the source.
> >> Thanks.
> >> Ubuntu 14.04 Samba 4.7.3.
> > First you should really upgrade to 4.7.4 (see recent changelog)
> > Second, if you are not using Bind DLZ, you should set it up, it works
> > much better than the internal DNS engine.
> > And third it is then just a matter of configuring Bind properly, you
> > can check our wiki at the following address (yeah, it's in French, but
> > it shouldn't be too much of a hassle for your favorite translation tool):
> > Actually we had exactly the same question from a client a few months
> > ago...
> > Cheers, and happy new year 2018!
> > Denis
> Thanks Denis.
> I was trying to avoid Bind but will give it a go as I do require
> more insight into DNS.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
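Once BIND is writing a query log, answering the original question (which client behind the DC asked for a name under a flagged TLD) comes down to filtering that log on the last label of the queried name. The script below is an added example, not code from the thread or from the wiki it mentions. It assumes BIND 9's usual query-log line layout; the function names, the sample lines and the reserved TLDs standing in for whatever the IDS flags are all constructed.

```shell
# Added example (not from the thread): list the clients that queried names
# under the given TLDs, reading BIND 9 query-log lines on stdin.
clients_for_tlds() {
    awk -v tlds="$1" '
    BEGIN {
        n = split(tolower(tlds), t, /[ ,]+/)
        for (i = 1; i <= n; i++) if (t[i] != "") want[t[i]] = 1
    }
    {
        ip = ""; name = ""; qtype = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "client" && ip == "") {
                j = i + 1
                if ($j ~ /^@0x/) j++               # newer BIND prints an object id first
                ip = $j; sub(/#[0-9]+$/, "", ip)   # strip the source port
            }
            if ($i == "query:") { name = tolower($(i + 1)); qtype = $(i + 3) }
        }
        if (ip == "" || name == "") next           # not a query line
        sub(/\.$/, "", name)                       # drop a trailing root dot
        k = split(name, labels, ".")
        if (labels[k] in want) count[ip " " name " " qtype]++
    }
    END { for (key in count) print count[key], key }
    ' | LC_ALL=C sort -k2,2 -k3,3
}

# Constructed sample lines; "test" and "invalid" are reserved TLDs used as
# stand-ins for the TLDs an IDS would flag.
sample_log() {
    cat << 'EOF'
02-Jan-2018 16:20:11.101 queries: info: client 192.168.10.57#51544 (update.host1.test): query: update.host1.test IN A +E (192.168.10.2)
02-Jan-2018 16:20:12.440 queries: info: client 192.168.10.21#40112 (www.example.com): query: www.example.com IN A +E (192.168.10.2)
02-Jan-2018 16:21:03.007 queries: info: client @0x7f3a1c0d2e10 192.168.10.83#53310 (cdn.host2.invalid): query: cdn.host2.invalid IN AAAA +E (192.168.10.2)
02-Jan-2018 16:22:45.918 queries: info: client 192.168.10.57#51902 (UPDATE.host1.TEST): query: UPDATE.host1.TEST IN A +E (192.168.10.2)
EOF
}

# Output columns: hit count, client IP, queried name, record type.
sample_log | clients_for_tlds "test invalid"
```

Against a real log, feed the file on stdin instead of `sample_log`; members of the "adm" group can read it with the permissions set up above.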