On 03. 05. 22 10:56, Gaurav Kansal wrote:
Or if you are ready to take some pain, then take the mirror from the
network side, parse the packets and you can achieve whaterver you want
to do, build beautiful graphs, have reports and what not.
This will also help in reducing the load on your DNS node by disabling
the logging completely and you can achieve high QPS.
One such tool which can do all for you is dnsmonster -
https://github.com/mosajjal/dnsmonster
<https://github.com/mosajjal/dnsmonster> . Just send mirror traffic to
this and it will do everything for you.
The major problem with packet mirroring and parsing is that it is
unusable for encrypted transports. For that very reason I think dnstap
is the way to go.
--
Petr Špaček
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
