Thanks Phil, You are right it's not a BIND issue :)
I am a BIND user myself, and I was wondering how other BIND users have copied when they've had to deal with Windows DNS servers like this. I appreciate any response to be honest. I have a colleague who has said he has a parts of a PCAP to BIND query log agent that runs on UNIX platforms, and he is happy to port that to Windows for me - he's actually working on it now (for a few beers :) ). Basically it just listens on port 53 and streams the data over TCP syslog, i.e. doesn't write to disk but queues in memory with a limit. It also logs responses for certain record types which is nice. I'll give that a try, sounds like it will give me query logging formatted logs, which I can push into pretty much anything :) Many thanks Mick On 23 Jul 2017 3:06 p.m., "Phil Mayers" <p.may...@imperial.ac.uk> wrote: On 22/07/2017 07:33, Mick Lee wrote: > Hi Guys, > > Can anyone offer any advice based on their experience? > Well, if I understand correctly, your main problem is the windows boxes running windows DNS, so this is not a bind problem. You might be better asking elsewhere. However, honestly I would consider moving the traffic from the windows boxes elsewhere to somewhere you can log. There are great tools for doing this but they're all unix-oriented e.g. dnsdist, dnscap. I guess you could try and get one of those running on a Windows box, but for the effort involved on about 100 servers, you might as well just spin up a recursive resolver that you *can* instrument, and point all the boxes at that. Regards, Phil _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
