[Samba] DNS logging for TLD queries?

Denis Cardon dcardon at tranquil.it
Tue Jan 2 07:50:03 UTC 2018


Hi LingPanda101,


>     Is it possible to filter DNS queries for specific TLDs using the
> internal logging system? My IPS/IDS alerts me when a suspicious TLD is
> being queried. However I'm only able to see the DC as the source.  Thanks.
>
> Ubuntu 14.04 Samba 4.7.3.

First you should really upgrade to 4.7.4 (see recent changelog)

Second, if you are not using Bind DLZ, you should set it up, it works 
much better than the internal DNS engine.

And third it is then just a matter of configuring Bind properly, you can 
check our wiki at the following address (yeah, it's in French, but it 
shouldn't be too much of a hassle for your favorite translation tool):

https://dev.tranquil.it/wiki/SAMBA_-_Audit_requetes_DNS_et_logs_Bind9

Actually we had exactly the same question from a client a few months ago...

Cheers, and happy new year 2018!

Denis



-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
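
Added example, not part of the original message or of the linked wiki: once Bind query logging is on, the log shows the real client address instead of the DC, and a short script can pull out the clients that queried watched TLDs. It assumes the standard BIND 9 "queries" log line layout; the TLD watchlist and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watchlist; replace with the TLDs your IDS/IPS flags.
SUSPICIOUS_TLDS = {"top", "xyz"}

# BIND 9 "queries" category line; newer releases add "@0x..." after "client".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query: \S+ \S+ (?P<qtype>\S+)"
)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
02-Jan-2018 07:41:10.101 queries: info: client 192.168.10.21#51344 (dc1.example.lan): query: dc1.example.lan IN A + (192.168.10.2)
02-Jan-2018 07:41:12.532 queries: info: client 192.168.10.57#60211 (update.example.top): query: update.example.top IN A + (192.168.10.2)
02-Jan-2018 07:41:13.007 queries: info: client @0x7f3a5c0a1b20 192.168.10.57#60212 (cdn.Example.XYZ.): query: cdn.Example.XYZ. IN AAAA +E(0) (192.168.10.2)
02-Jan-2018 07:41:15.990 general: info: zone example.lan/IN: loaded serial 42
02-Jan-2018 07:41:16.220 queries: info: client 192.168.10.33#41875 (www.samba.org): query: www.samba.org IN A + (192.168.10.2)
"""


def tld_of(qname):
    """Return the lower-cased last label, ignoring a trailing root dot."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] if labels and labels[-1] else ""


def suspicious_queries(lines, tlds=SUSPICIOUS_TLDS):
    """Map client IP -> list of (qname, qtype) for queries in watched TLDs."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)  # non-query lines simply do not match
        if m and tld_of(m.group("qname")) in tlds:
            hits[m.group("ip")].append((m.group("qname"), m.group("qtype")))
    return dict(hits)


if __name__ == "__main__":
    for ip, queries in suspicious_queries(SAMPLE_LOG.splitlines()).items():
        for qname, qtype in queries:
            print(f"{ip} queried {qname} ({qtype})")
```
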



