[Samba] DNS logging for TLD queries?
Denis Cardon
dcardon at tranquil.it
Wed Jan 3 16:52:25 UTC 2018
Hi LingPanda101,
> You were correct. Thanks.
>
> Logging appears to be working per Denis's instructions.
There may be some mix-up between CentOS and Debian conf on that page,
I'll double check tomorrow.
> However the client
> is identified by its A record. Any way to have it resolve to its
> Netbios or DNS name in the logs?
As far as NetBIOS is concerned, just try to kill it, it will be better
for humanity :-)
I'd say that the IP address is the best thing to have in the log as it
is the only reliable information the DNS server has when it receives a
request (if we put aside UDP source IP spoofing...). You can then
post-process the log in a SIEM with information from DHCP and reverse
DNS. But even then DHCP and reverse DNS cannot be completely reliable
unless you add in some 802.1x and strong authentication in the mix.
Cheers,
Denis
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
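
The post-processing step described in the message above, as an added example that is not part of the original post: DNS query records keep the client IP as the primary key and are enriched with the hostname that held that IP at query time according to DHCP lease history. The log format, the lease table and all names here are constructed assumptions, not Samba, BIND or DHCP server output.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed DHCP lease history: (ip, lease start, lease end, hostname claimed by client)
LEASES = [
    ("192.0.2.10", "2018-01-03T08:00:00", "2018-01-03T12:00:00", "pc-alice"),
    ("192.0.2.10", "2018-01-03T13:00:00", "2018-01-03T17:00:00", "pc-bob"),
    ("192.0.2.11", "2018-01-03T08:00:00", "2018-01-03T20:00:00", "pc-carol"),
]

# Constructed, simplified query log (assumed format): "timestamp client_ip qname"
QUERIES = """\
2018-01-03T09:15:02 192.0.2.10 example.com
2018-01-03T12:30:00 192.0.2.10 example.org
2018-01-03T14:01:44 192.0.2.10 example.net
2018-01-03T14:02:10 192.0.2.99 example.com
"""

def build_index(leases):
    """Group leases per IP, sorted by start time, so lookups can binary-search."""
    index = {}
    for ip, start, end, host in leases:
        index.setdefault(ip, []).append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end), host))
    for entries in index.values():
        entries.sort()
    return index

def host_at(index, ip, when):
    """Return the hostname that leased `ip` at time `when`, or None if no lease covers it."""
    entries = index.get(ip, [])
    pos = bisect_right([e[0] for e in entries], when) - 1
    if pos >= 0 and when < entries[pos][1]:
        return entries[pos][2]
    return None

def enrich(log_text, index):
    """Keep the IP from the DNS log and add the DHCP-derived host as a separate field."""
    records = []
    for line in log_text.splitlines():
        ts, ip, qname = line.split()
        host = host_at(index, ip, datetime.fromisoformat(ts))
        records.append({"ts": ts, "ip": ip, "qname": qname,
                        "dhcp_host": host or "unknown"})
    return records

if __name__ == "__main__":
    for rec in enrich(QUERIES, build_index(LEASES)):
        print(rec)
```

The same IP maps to two different hosts during the day, and queries that fall outside any lease stay `unknown`, which is why the lookup is keyed on time as well as address.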