Enable query logging, then:
cat queries.log | grep 'query: example.com' | awk '{print $6}' | sed
's/#.*//' | sort -n | uniq -c | sort -rn | head -100 | more
or something similar?
W
On Mar 20, 2011, at 10:09 AM, babu dheen wrote:
> Hi,
>
> I am getting below status on this command.. Only internal DNS servers are
> allowed to query our gateway DNS server as client.
>
> number of zones: 12
> debug level: 0
> xfers running: 0
> xfers deferred: 0
> soa queries in progress: 0
> query logging is ON
> recursive clients: 1/1000
> tcp clients: 0/100
> server is up and running
>
>
> --- On Sun, 20/3/11, terry <te...@list.dnsbed.com> wrote:
>
> From: terry <te...@list.dnsbed.com>
> Subject: Re: Need help on DNS reporter
> To: "babu dheen" <babudh...@yahoo.co.in>
> Cc: bind-users@lists.isc.org
> Date: Sunday, 20 March, 2011, 12:42 PM
>
> How will "rndc status" take something good for you?
>
>
>
> 2011/3/20 babu dheen <babudh...@yahoo.co.in>
> Hi,
>
> Can anyone let me know is there any open source software available to
> generate report for DNS service based on DNS BIND query logs.
>
> We have BIND DNS running RHEL 5.0. Would like to generate report based on its
> logs so that we can identify list of clients quering external domains and its
> query count.
>
> Many clients in our company infected with malware which thus send unnecessary
> query to remote external domain (non available domain). So if we have any
> software which can generate the report from DNS BIND logs, will be very
> helpful.
>
>
> Regards
> Babu
>
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> www.DNSbed.com
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
