Fred Morris m3047 at m3047.net
Thu Mar 17 00:12:47 UTC 2011

On Monday 14 March 2011 16:13, Colm MacCárthaigh wrote:
> It's probably prudent to consider the
> implications for user privacy, and any relevant jurisdictional or
> legal data protection issues which arise, before doing this.


> In some jurisdictions, data protection commissioners, and other
> regulators, have made it clear that it can be considered a breach of
> relevant acts.

Considering the pervasive fact of passive DNS, not much more than prudence. 
The rule there seems to be not to capture who made the request.

On Monday 14 March 2011 15:51, Michael Skurka wrote:
> [...]
> At the moment, I'm having to battle management to get any visibility into
> our DNS servers.  Turning on query logging is the least-cost overall at the
> moment (CPU, network, storage, admin resources).

Notwithstanding the foregoing, and IANAL, but since you're in Texas and if 
what you're monitoring is requests from inside your organization then 
capturing the requestor's IPs for certain determined-to-be-bad FQDNs could be 
a useful and perhaps eye-opening exercise to discover machines which might be 
phoning home to malware C&Cs.


Fred Morris
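
Added example (not part of the original message): one way to run the check suggested above over a query log, keeping requestor addresses only for queries that match the bad-FQDN list and discarding them for everything else. It assumes BIND 9 style query log lines; the sample lines, the FQDN list and the function names are constructed for illustration, and matching subdomains of a listed FQDN goes slightly beyond what the message describes.

```python
import re
from collections import defaultdict

# Assumed BIND 9 querylog shape; the optional "@0x..." and "(name)" parts
# only appear in newer releases.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Hypothetical determined-to-be-bad FQDNs (reserved .example/.invalid names).
BAD_FQDNS = {"c2.badhost.example", "update.evil.invalid"}


def normalize(name):
    return name.rstrip(".").lower()


def is_bad(qname, bad=BAD_FQDNS):
    """True if qname equals a listed FQDN or is a subdomain of one."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in bad for i in range(len(labels)))


def suspect_clients(lines, bad=BAD_FQDNS):
    """Map client IP -> bad FQDNs it queried; other requestors are never stored."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m and is_bad(m.group("qname"), bad):
            hits[m.group("ip")].add(normalize(m.group("qname")))
    return dict(hits)


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "17-Mar-2011 00:01:02.123 queries: info: client 192.0.2.15#53124: query: www.example.com IN A +",
    "17-Mar-2011 00:01:03.456 queries: info: client 192.0.2.44#40211: query: C2.BadHost.example IN A +",
    "17-Mar-2011 00:01:09.001 queries: info: client 192.0.2.44#40212: query: beacon.update.evil.invalid. IN TXT +",
    "17-Mar-2011 00:02:11.700 queries: info: client 2001:db8::7#51000: query: c2.badhost.example IN AAAA +",
    "17-Mar-2011 00:02:12.000 general: info: zone example.com/IN: loaded serial 2011031701",
]

if __name__ == "__main__":
    for ip, names in sorted(suspect_clients(SAMPLE_LOG).items()):
        print(ip, ", ".join(sorted(names)))
```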

