[Samba] DNS logging for TLD queries?
L.P.H. van Belle
belle at bazuin.nl
Tue Jan 2 15:53:25 UTC 2018
Yes, this is very welcome! Thanks Denis!!
I've "Debianized" this a bit also.
It now matches the "adm" administrative group that is allowed to read the logs.
if [ ! -d /var/log/bind ]; then
    install -d /var/log/bind -m 0750 -o bind -g adm
fi
if [ ! -e /etc/logrotate.d/bind ]; then
    cat << EOF >> /etc/logrotate.d/bind
/var/log/bind/*.log {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    create 0640 bind adm
    postrotate
        systemctl reload bind9 > /dev/null
    endscript
}
EOF
fi
And configure it as shown on the site.
Greetz and Happy New Year Everybody.
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of lingpanda101 via samba
> Sent: Tuesday 2 January 2018 16:25
> To: Denis Cardon; samba at lists.samba.org
> Subject: Re: [Samba] DNS logging for TLD queries?
>
> On 1/2/2018 2:50 AM, Denis Cardon wrote:
> > Hi LingPanda101,
> >
> >
> >> Is it possible to filter DNS queries for specific TLD's using the
> >> internal logging system? My IPS/IDS alerts me when a suspicious TLD is
> >> being queried. However I'm only able to see the DC as the source.
> >> Thanks.
> >>
> >> Ubuntu 14.04 Samba 4.7.3.
> >
> > First you should really upgrade to 4.7.4 (see recent changelog)
> >
> > Second, if you are not using Bind DLZ, you should set it up, it works
> > much better than the internal DNS engine.
> >
> > And third it is then just a matter of configuring Bind properly, you
> > can check our wiki at the following address (yeah, it's in French, but
> > it shouldn't be too much of a hassle for your favorite translation tool):
> >
> > https://dev.tranquil.it/wiki/SAMBA_-_Audit_requetes_DNS_et_logs_Bind9
> >
> > Actually we had exactly the same question from a client a few months
> > ago...
> >
> > Cheers, and happy new year 2018!
> >
> > Denis
> >
> >>
> >
> >
> Thanks Denis.
>
> I was trying to avoid Bind but will give it a go as I do require
> more insight into DNS.
>
> --
> --
> James
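Added example, not part of the original message or of the linked wiki: once BIND writes its query log under /var/log/bind, a short script can tie a watched TLD back to the client that asked for it, which is the detail the IPS alert in the original question was missing. The log lines, the watched TLDs and the function names are constructed for illustration, and the line layout is assumed to be the usual BIND 9 query-log format.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). Newer BIND 9 releases add an
# "@0x..." client pointer after "client"; older ones do not. Both are handled.
SAMPLE_LOG = """\
02-Jan-2018 15:40:01.112 queries: info: client 192.168.10.21#51544 (www.samba.org): query: www.samba.org IN A + (192.168.10.2)
02-Jan-2018 15:41:17.530 queries: info: client 192.168.10.57#40212 (cdn.update-check.xyz): query: cdn.update-check.xyz IN A + (192.168.10.2)
02-Jan-2018 15:41:18.002 queries: info: client @0x7f3c1c0a2b10 192.168.10.57#40213 (cdn.update-check.xyz): query: cdn.update-check.xyz IN AAAA + (192.168.10.2)
02-Jan-2018 15:44:09.871 queries: info: client 192.168.10.33#59001 (Portal.Example.TOP.): query: Portal.Example.TOP. IN A + (192.168.10.2)
02-Jan-2018 15:45:00.000 general: info: zone example.lan/IN: loaded serial 42
"""

# Client address, then the name and type that follow "query:" (skips "view x:").
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+\b.*?"
    r"\bquery: (?P<name>\S+) \S+ (?P<qtype>\S+)"
)

def tld_of(qname):
    """Return the lower-cased last label, ignoring a trailing root dot."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()

def suspicious_clients(lines, watched_tlds):
    """Map client IP -> sorted list of (qname, qtype) for the watched TLDs."""
    watched = {t.lower().lstrip(".") for t in watched_tlds}
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:  # not a query line, or a layout this regex does not know
            continue
        if tld_of(m["name"]) in watched:
            hits[m["ip"]].add((m["name"].rstrip(".").lower(), m["qtype"]))
    return {ip: sorted(found) for ip, found in hits.items()}

if __name__ == "__main__":
    report = suspicious_clients(SAMPLE_LOG.splitlines(), ["xyz", "top"])
    for ip, queries in sorted(report.items()):
        for qname, qtype in queries:
            print(f"{ip}\t{qtype}\t{qname}")
```

With the logrotate rule above, rotated files older than one day are gzip-compressed, so read those through gzip.open instead of open when searching back in time.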