[Samba] DNS logging for TLD queries?
lingpanda101 at gmail.com
Tue Jan 2 15:25:30 UTC 2018
On 1/2/2018 2:50 AM, Denis Cardon wrote:
> Hi LingPanda101,
>> Is it possible to filter DNS queries for specific TLDs using the
>> internal logging system? My IPS/IDS alerts me when a suspicious TLD is
>> being queried. However I'm only able to see the DC as the source.
>> Ubuntu 14.04 Samba 4.7.3.
> First you should really upgrade to 4.7.4 (see recent changelog)
> Second, if you are not using Bind DLZ, you should set it up, it works
> much better than the internal DNS engine.
> And third it is then just a matter of configuring Bind properly, you
> can check our wiki at the following address (yeah, it's in French, but
> it shouldn't be too much of a hassle for your favorite translation tool):
> Actually we had exactly the same question from a client a few months
> Cheers, and happy new year 2018!
I was trying to avoid Bind but will give it a go as I do require
more insight into DNS.
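
Added example, not part of the original thread: once BIND answers queries on the DC, its query log records the requesting client's address, so the log can be filtered by TLD to find the host behind an IDS/IPS alert. The sample log lines, the watch list and the function names are constructed for illustration, and the layout assumed is BIND 9's `client <ip>#<port> (<name>): query: ...` query-log form.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 query-log style (not from the thread).
SAMPLE_LOG = """\
02-Jan-2018 15:20:01.101 queries: info: client 192.0.2.21#53124 (www.example.com): query: www.example.com IN A + (192.0.2.10)
02-Jan-2018 15:20:03.417 queries: info: client 192.0.2.37#40112 (cdn.update-check.xyz): query: cdn.update-check.xyz IN A + (192.0.2.10)
02-Jan-2018 15:20:04.002 queries: info: client @0x7f3a1c0d2e10 192.0.2.37#40113 (CDN.Update-Check.XYZ.): query: CDN.Update-Check.XYZ. IN AAAA + (192.0.2.10)
02-Jan-2018 15:20:09.730 queries: info: client 2001:db8::15#51000 (login.portal.top): query: login.portal.top IN A +E (2001:db8::1)
02-Jan-2018 15:20:11.000 general: info: zone example.com/IN: loaded serial 42
02-Jan-2018 15:20:12.250 queries: info: client 192.0.2.21#53130 (xyz.example.org): query: xyz.example.org IN TXT + (192.0.2.10)
"""

# Placeholder watch list (assumption); use the TLDs your IDS/IPS alerts on.
WATCHED_TLDS = {"xyz", "top"}

# Client address, optional "@0x..." object pointer (newer BIND), then qname/qtype.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]*)\): query: \S+ IN (?P<qtype>\S+)"
)

def tld_of(qname):
    """Return the last label, lower-cased, ignoring a trailing root dot."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()

def flag_queries(log_text, watched=WATCHED_TLDS):
    """Map each client IP to the sorted (qname, qtype) pairs in watched TLDs."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        # Match on the final label only, so "xyz.example.org" is not flagged.
        if m and tld_of(m["qname"]) in watched:
            hits[m["ip"]].add((m["qname"].rstrip(".").lower(), m["qtype"]))
    return {ip: sorted(pairs) for ip, pairs in hits.items()}

if __name__ == "__main__":
    for ip, pairs in flag_queries(SAMPLE_LOG).items():
        for qname, qtype in pairs:
            print(f"{ip}\t{qtype}\t{qname}")
```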