[dns-operations] Prevalence of query/response logging?

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Jul 4 11:44:24 UTC 2014


On Fri, Jul 04, 2014 at 06:00:48PM +0700,
 Roland Dobbins <rdobbins at arbor.net> wrote 
 a message of 23 lines which said:

> I know that some DNS operators disable logging of queries/responses
> due to the overhead of doing so

Logging in the name server itself is typically very slow, takes
resources and, more seriously, adds a new feature (which means new bugs
and new security issues) to critical software. So, indeed, it should
not be done.

> and/or logging queries/responses out-of-band via packet-capture
> taps, databases, etc.?

Following OARC workshops, it seems many operators of authoritative
name servers log everything, with capture taps + a
NoSQL-bigdata-thing.

There are also captures of traffic at recursors, for instance
Farsight's SIE, which logs the answers, and has interesting services
on top of it (such as DNSDB).



