One thing to consider with a DNS query to mapping system is the effect of DNS caching. Many systems now have local caches, so you will only see the DNS lookup once. For the traffic flows, you might want to look at NetFlow. It can be set up to send the data to a collector system, and you will be able to see addresses, bandwidth, and protocol types.

Walter

On Wed, Feb 22, 2017 at 6:44 PM, Richard A. Relph <rich...@relphs.com> wrote:

> Hi,
> I have to believe this is doable on an SG-2440. But I don’t have the
> expertise to implement it.
> I have configured the software to force all DNS connections through
> the SG-2440 (except for 1 or 2 IoT devices that seem to insist on talking
> to their manufacturer’s DNS servers - bad form, in my opinion.)
> What I’d like to do now is monitor all outgoing traffic and pair the
> IP address it is destined for against the DNS requests.
> I’d further like at least a report - and possibly block - outbound
> traffic that is destined for a “hard-coded” IP address.
> And, naturally, I’d like a report of all DNS requests and how much
> traffic is exchanged with each and when.
> The effort is an attempt to discover software running inside my
> network that might be “undesirable”.
> Any pointers, suggested reading, etc. would be greatly appreciated.
> I’m not incompetent, just uneducated.
> Thanks,
> Richard
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
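
One way to pair flow records with earlier DNS answers while allowing for the client-side caching mentioned in the reply, as an added example that is not part of the original thread. The record layouts, addresses and the `correlate` function are constructed for illustration; real resolver logs and NetFlow exports would need their own parsers.

```python
from collections import defaultdict

# Constructed sample data (not from the thread).
# DNS answers seen at the resolver: (epoch seconds, client, name, answer IP)
DNS_ANSWERS = [
    (1000, "192.168.1.20", "updates.example.com", "203.0.113.10"),
    (1005, "192.168.1.30", "cdn.example.net", "198.51.100.7"),
]
# Flow records from a collector: (epoch seconds, source, destination, bytes)
FLOWS = [
    (1010, "192.168.1.20", "203.0.113.10", 48000),  # resolved seconds earlier
    (90000, "192.168.1.20", "203.0.113.10", 1200),  # a day later, name still cached on the client
    (1020, "192.168.1.30", "198.51.100.7", 9000),
    (1030, "192.168.1.30", "192.0.2.55", 700),      # no DNS answer ever pointed here
    (1040, "192.168.1.20", "198.51.100.7", 300),    # resolved, but only by another client
]


def correlate(dns_answers, flows, max_age=None):
    """Return (bytes per DNS name, flows with no matching DNS answer).

    A flow matches when the same client received the destination IP in a DNS
    answer at or before the flow time. max_age=None accepts an answer of any
    age, which tolerates local caches that hide repeat lookups; a number of
    seconds enforces a strict window and shows how caching inflates the
    "hard-coded IP" list.
    """
    seen = defaultdict(list)  # (client, ip) -> [(timestamp, name), ...]
    for ts, client, name, ip in dns_answers:
        seen[(client, ip)].append((ts, name))

    per_name = defaultdict(int)
    unexplained = []
    for ts, src, dst, nbytes in sorted(flows):
        earlier = [
            (t, n) for t, n in seen.get((src, dst), [])
            if t <= ts and (max_age is None or ts - t <= max_age)
        ]
        if earlier:
            per_name[max(earlier)[1]] += nbytes  # credit the most recent name
        else:
            unexplained.append((ts, src, dst, nbytes))
    return dict(per_name), unexplained


if __name__ == "__main__":
    for window in (None, 300):
        totals, suspects = correlate(DNS_ANSWERS, FLOWS, max_age=window)
        print(f"max_age={window}: totals={totals} unexplained={suspects}")
```

With the strict 300-second window the day-old cached connection is reported alongside the two flows that genuinely have no matching lookup, which is the false positive the caching caveat predicts.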