logging of desination ip-address ? - DNS

This is a discussion on logging of desination ip-address ? - DNS ; While bind9 allows fine-grained control of ip-address usage listen-on query-source transfer-source and so forth, the destination address is not logged. For example I recently wanted to find out whether cisco boomerang dns spurious ./NS (mainly from China) spurious A.ROOT-SERVERS.NET/A (from ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: logging of desination ip-address ?

  1. logging of desination ip-address ?

    While bind9 allows fine-grained control of ip-address usage
    listen-on
    query-source
    transfer-source
    and so forth, the destination address is not logged.

    For example I recently wanted to find out whether
    cisco boomerang dns
    spurious ./NS (mainly from China)
    spurious A.ROOT-SERVERS.NET/A (from China & Japan)
    queries were arriving at the resolving or authoritative ip-address
    of our name-servers, and I ended up using tcpdump. Luckily there
    was at least one well-known source address for each of these types.

    I think it could be useful to have a compile-time option enabling
    whether query/update logging included destination ip/port.

    Danny

    --
    d.thomas@its.uq.edu.au Danny Thomas,
    +61-7-3365-8221 Software Infrastructure,
    http://www.its.uq.edu.au ITS, The University of Queensland



  2. Re: logging of desination ip-address ?

    In article ,
    Danny Thomas wrote:

    > While bind9 allows fine-grained control of ip-address usage
    > listen-on
    > query-source
    > transfer-source
    > and so forth, the destination address is not logged.
    >
    > For example I recently wanted to find out whether
    > cisco boomerang dns
    > spurious ./NS (mainly from China)
    > spurious A.ROOT-SERVERS.NET/A (from China & Japan)
    > queries were arriving at the resolving or authoritative ip-address
    > of our name-servers, and I ended up using tcpdump. Luckily there
    > was at least one well-known source address for each of these types.
    >
    > I think it could be useful to have a compile-time option enabling
    > whether query/update logging included destination ip/port.


    Can't you do this with trace logging?

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***



+ Reply to Thread