[Samba] DNS logging for TLD queries?

Denis Cardon dcardon at tranquil.it
Wed Jan 3 16:52:25 UTC 2018

Hi LingPanda101,

>     You were correct. Thanks.
> Logging appears to be working per Denis instructions.

There may be some mix-up between CentOS and Debian conf on that page, 
I'll double check tomorrow.

 > However the client
> is identified by it's A record. Any way to have it resolve to it's
> Netbios or DNS name in the logs?

As far as NetBIOS is concerned, just try to kill it, it will be better 
for humanity :-)

I'd say that the IP address is the best thing to have in the log as it 
is the only reliable information the DNS server has when it receive a 
request (if we put aside UDP source ip spoofing...). You can then 
post-process the log in a SIEM with information from DHCP and reverse 
DNS. But even then DHCP and reverse DNS cannot be completely reliable 
unless you add in some 802.1x and strong authentication in the mix.



Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0)

More information about the samba mailing list