Hey Tim,

On 2013-05-27, at 05:53 , Tim Parker <[email protected]> wrote:
> What's the best way to capture and analyze DNS queries and responses on my 
> LAN?  Are there any good tools out there for this?  I can run a full capture 
> on the WAN interface, but then what's good for automating the extraction of 
> the DNS traffic?


I'll go for the default "it depends" answer and then qualify that. Are you 
looking to capture queries and responses or queries, responses and who asked? 
If you're not too concerned with who's asking and when exactly something was 
asked for, but rather a general "what IP was associated with this FQDN in the 
past" type of deal, then I suggest you take a look at passive DNS.

ISC, the makers of BIND & al, have released the source to their implementation. 
Take a look here for more details:

    https://sie.isc.org/Passive_DNS/

The more traffic your caching resolvers get, the more interesting stuff you 
might be able to pull out from the pDNS data. YMMV, but I urge you to take a 
peek if you haven't done so in the past.



Cheers,

Harri

--
Harri Sylvander
[email protected]
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
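
An added example, not part of Harri's message and not ISC's implementation: a minimal sketch of the passive DNS idea described above, where observed answers are aggregated per (name, type, data) with first/last seen times and the asking client is never stored. The observation tuples, names and addresses are constructed sample data, and the class and function names are hypothetical.

```python
"""Minimal passive DNS store: keeps what was answered, never who asked."""

# Constructed sample observations: (timestamp, rrname, rrtype, rdata).
# ISO-8601 UTC strings in one format compare correctly as plain strings.
OBSERVATIONS = [
    ("2013-05-20T10:00:00Z", "www.example.test.", "A", "192.0.2.10"),
    ("2013-05-21T09:30:00Z", "WWW.example.test.", "A", "192.0.2.10"),
    ("2013-05-25T14:00:00Z", "www.example.test.", "A", "198.51.100.7"),
    ("2013-05-26T08:15:00Z", "cdn.example.test.", "A", "198.51.100.7"),
    ("2013-05-19T23:00:00Z", "www.example.test", "A", "192.0.2.10"),  # late arrival
]


def normalize(name):
    # DNS names are case-insensitive; the trailing root dot is optional.
    return name.rstrip(".").lower()


class PassiveDNS:
    def __init__(self):
        self.records = {}  # (rrname, rrtype, rdata) -> first/last seen, count

    def observe(self, ts, rrname, rrtype, rdata):
        key = (normalize(rrname), rrtype.upper(), rdata)
        rec = self.records.get(key)
        if rec is None:
            self.records[key] = {"first_seen": ts, "last_seen": ts, "count": 1}
        else:
            # Observations may arrive out of order, so widen in both directions.
            rec["first_seen"] = min(rec["first_seen"], ts)
            rec["last_seen"] = max(rec["last_seen"], ts)
            rec["count"] += 1

    def by_name(self, rrname):
        """History for a name: every rdata it resolved to, oldest first."""
        name = normalize(rrname)
        hits = [(k[2], v) for k, v in self.records.items() if k[0] == name]
        return sorted(hits, key=lambda h: h[1]["first_seen"])

    def by_rdata(self, rdata):
        """Reverse pivot: every name that has pointed at this address."""
        return sorted({k[0] for k in self.records if k[2] == rdata})


def build(observations):
    db = PassiveDNS()
    for obs in observations:
        db.observe(*obs)
    return db


if __name__ == "__main__":
    db = build(OBSERVATIONS)
    for rdata, rec in db.by_name("www.example.test"):
        print(rdata, rec["first_seen"], rec["last_seen"], rec["count"])
    print(db.by_rdata("198.51.100.7"))
```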
