[dns-operations] DNS Hosting and Logging
Fred Morris
m3047 at m3047.net
Mon Oct 12 15:15:42 UTC 2015
On Mon, 12 Oct 2015, Ray Van Dolson wrote:
> For those of you in the Enterprise space, do you find value in having
> at least partial visibility into detailed information on external
> queries?
Anybody who's really serious about threat indicators should be watching
DNS for anomalies ("full stack": not just what queries are we making, but
where are those queries being directed).
Having access to DNS logs is part of this: although one ought to be able
to achieve a lot of it via DPI, it's often more efficient to be able to
have the resolver logging this.
Here is one link... I'm sure you can find other articles out there.
https://www.linkedin.com/pulse/dns-power-classification-lance-james
--
Fred Morris