[dns-operations] Prevalence of query/response logging?

bert hubert bert.hubert at netherlabs.nl
Fri Jul 4 12:32:28 UTC 2014


On Fri, Jul 04, 2014 at 06:00:48PM +0700, Roland Dobbins wrote:
> 
> I know that some DNS operators disable logging of queries/responses due to

"almost all", I would suggest.

> the overhead of doing so - are most folks on this list with large-scale
> DNS recursive and/or authoritative DNS infrastructure disabling logging,
> enabling it, and/or logging queries/responses out-of-band via
> packet-capture taps, databases, etc.?

We've had great results with a format that stores all relevant details. It
is called PCAP. Much recommended for serious setups, especially if you can
do it out of band so it doesn't impact the servers itself.

I know Nominet has a very powerful packet logging setup that they plan to
offer commercially.

	Bert




More information about the dns-operations mailing list