On 23/07/2017 15:16, Mick Lee wrote:
I have a colleague who has said he has a parts of a PCAP to BIND query log agent that runs on UNIX platforms, and he is happy to port that to Windows for me - he's actually working on it now (for a few beers :) ).
dnscap basically does the same thing. No idea how easy it would be to run under Windows.
Absent changes to the resolving setup, I think that a capture/tap is probably your only realistic option.
Depending on your architecture (physical, virtual, topology) the tap could live on another box, if all you need is to know that server A made a query for badzone B.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
