This is a discussion on Monitor Bind connection within the Linux Security forums, part of the System Security and Security Related category; How do I monitor who is connecting to my DNS server and what they are requesting? I'm running Redhat ...
Hi....have you tried;

tcpdump -s 1200 port 53??? or use ethereal with the port 53 filter???

"Shabam" <blislecp@hotmail.com> wrote in message news:8MudnQQ1WdkkeJ3cRVn-jQ@adelphia.com...
> How do I monitor who is connecting to my DNS server and what they are
> requesting? I'm running Redhat 7.1 with Bind 8. Thanks.
You could try with 'rndc querylog'. It'll log all requests via syslog.

IPTables (with or without ulogd) might be one way to go. Just be careful not to expose yourself to DoSing because of excessive logging.

"Shabam" <blislecp@hotmail.com> wrote in message news:8MudnQQ1WdkkeJ3cRVn-jQ@adelphia.com...
> How do I monitor who is connecting to my DNS server and what they are
> requesting? I'm running Redhat 7.1 with Bind 8. Thanks.
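
Once query logging is writing to syslog as suggested in the reply above, the lines can be summarised per client. The script below is an added example, not part of the original thread; it assumes query-log lines in the BIND 9 style, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Assumed BIND 9 style: "client [@0x..] IP#port [(name)]: [view X: ]query: NAME CLASS TYPE flags"
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: "
    r"(?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 12 10:15:01 ns1 named[1234]: client 192.0.2.10#32768: query: www.example.com IN A +
Jan 12 10:15:01 ns1 named[1234]: client 192.0.2.10#32769: query: mail.example.com IN MX +
Jan 12 10:15:02 ns1 named[1234]: client 198.51.100.7#40001: query: www.example.com IN A -
Jan 12 10:15:02 ns1 named[1234]: client @0x7f1c2c0a 2001:db8::5#53124 (example.com): query: example.com IN ANY +E(0) (192.0.2.1)
Jan 12 10:15:03 ns1 named[1234]: client 198.51.100.7#40002: query: www.example.com IN A -
Jan 12 10:15:03 ns1 named[1234]: zone example.com/IN: loaded serial 2024011201
"""

def parse_line(line):
    """Return (client_ip, qname, qtype) for a query line, or None for anything else."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    name = m.group("name").lower().rstrip(".") or "."  # keep the root name as "."
    return m.group("ip"), name, m.group("type")

def summarize(lines):
    """Count queries per client and per (name, type) for each client."""
    per_client = Counter()
    names = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # non-query syslog lines (zone loads, notices) are skipped
        ip, name, qtype = rec
        per_client[ip] += 1
        names[ip][(name, qtype)] += 1
    return per_client, names

def noisy_clients(per_client, threshold):
    """Clients at or above a query-count threshold, for review or rate limiting."""
    return sorted(ip for ip, n in per_client.items() if n >= threshold)

if __name__ == "__main__":
    counts, names = summarize(SAMPLE_LOG.splitlines())
    for ip, n in counts.most_common():
        print(ip, n, dict(names[ip]))
    print("noisy:", noisy_clients(counts, 2))
```

To run it against a real log, pass the open file object to `summarize()` in place of `SAMPLE_LOG.splitlines()`.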