[dns-operations] DNS Hosting and Logging

Fred Morris m3047 at m3047.net
Mon Oct 12 15:15:42 UTC 2015

On Mon, 12 Oct 2015, Ray Van Dolson wrote:
> For those of you in the Enterprise space, do you find value in having
> at least partial visibility into detailed information on external
> queries?

Anybody who's really serious about threat indicators should be watching
DNS for anomalies ("full stack": not just what queries are we making, but
where are those queries being directed).

Having access to DNS logs is part of this: although one ought to be able
to achieve a lot of it via DPI, it's often more efficient to be able to
have the resolver logging this.

Here is one link... I'm sure you can find other articles out there.



Fred Morris
