
Re: [Samba] DNS logging for TLD queries?




Hi LingPanda101,

You were correct. Thanks.

Logging appears to be working per Denis's instructions.

There may be some mix-up between CentOS and Debian conf on that page, I'll double check tomorrow.

> However the client is identified by its A record. Any way to have it
> resolve to its NetBIOS or DNS name in the logs?

As far as NetBIOS is concerned, just try to kill it, it will be better for humanity :-)

I'd say that the IP address is the best thing to have in the log, as it is the only reliable information the DNS server has when it receives a request (if we put aside UDP source IP spoofing...). You can then post-process the log in a SIEM with information from DHCP and reverse DNS. But even then DHCP and reverse DNS cannot be completely reliable unless you add in some 802.1x and strong authentication in the mix.

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
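
The post-processing suggested in the reply above, as an added example that is not part of the original message: each logged client IP is matched to the DHCP lease that covered it at the time of the query, so the same address can map to different hosts at different times and an address with no lease stays unresolved. The BIND-style log layout, the lease table and all names and addresses are constructed assumptions, since the thread shows neither format.

```python
import re
from datetime import datetime

# Constructed sample data: the log layout is an assumed BIND-style query log,
# and the lease table stands in for an export from the DHCP server.
QUERY_LOG = """\
12-Mar-2019 10:15:32.101 client 192.168.1.50#53211 (example.com): query: example.com IN A +
12-Mar-2019 14:02:10.530 client 192.168.1.50#40112 (example.org): query: example.org IN A +
12-Mar-2019 14:05:44.007 client 192.168.1.77#51000 (example.net): query: example.net IN AAAA +
"""

LEASES = [  # (ip, hostname, mac, lease start, lease end), all constructed
    ("192.168.1.50", "laptop-alice", "00:00:5e:00:53:01", "2019-03-12 08:00:00", "2019-03-12 12:00:00"),
    ("192.168.1.50", "phone-bob", "00:00:5e:00:53:02", "2019-03-12 13:30:00", "2019-03-12 17:30:00"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client "
    r"(?P<ip>[\d.]+)#\d+ \((?P<qname>[^)]+)\): query: \S+ IN (?P<qtype>\S+)"
)

def parse_leases(rows):
    """Convert lease start/end strings into datetime objects."""
    fmt = "%Y-%m-%d %H:%M:%S"
    return [(ip, host, mac, datetime.strptime(s, fmt), datetime.strptime(e, fmt))
            for ip, host, mac, s, e in rows]

def enrich(log_text, leases):
    """Attach the host whose lease covered the client IP at query time."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not query records
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        # Match on IP *and* time window: an IP alone is ambiguous across leases.
        holder = next(((h, mac) for ip, h, mac, start, end in leases
                       if ip == m["ip"] and start <= when < end), (None, None))
        out.append({"time": when, "ip": m["ip"], "qname": m["qname"],
                    "qtype": m["qtype"], "host": holder[0], "mac": holder[1]})
    return out

if __name__ == "__main__":
    for rec in enrich(QUERY_LOG, parse_leases(LEASES)):
        print(rec["time"], rec["ip"], rec["qname"], rec["host"] or "unknown (no lease)")
```

The hostname and MAC come from the DHCP client itself, so the enrichment is only as trustworthy as the network's authentication, which is the caveat the reply ends on.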

