[dns-operations] Question regarding DNS query logging

Michael Skurka Michael.Skurka at LCRA.ORG
Mon Mar 14 19:41:55 UTC 2011


I'm an Information Security Analyst for an energy company here in central Texas.  To date, we've not logged any of our DNS queries.  We're interested in "opening the fire hose" to do some analysis (pretty graphs for management and looking for potential threats, i.e. malware trying to "phone home").

We have about 2500 internal workstations and servers that hit our internal DNS servers.  Our external-facing DNS is done off-site and we aren't concerned with them at the moment.

Does anyone in a similarly sized company have any estimates (a rough ballpark is fine) of how much data we'd be looking at collecting on a weekly or monthly basis?


Thanks!


Michael Skurka
Information Security Analyst Sr
Lower Colorado River Authority, Austin TX
Orwell was an optimist!





