Yup. But if the DNS infra is under my control, then definitely the keys (which I have used for encryption) will also be with me. Am I missing something here? 🧐
— Gaurav Kansal

> On 03-May-2022, at 14:40, Petr Špaček <pspa...@isc.org> wrote:
>
> On 03. 05. 22 10:56, Gaurav Kansal wrote:
>> Or if you are ready to take some pain, then take the mirror from the network
>> side, parse the packets and you can achieve whatever you want to do, build
>> beautiful graphs, have reports and what not.
>> This will also help in reducing the load on your DNS node by disabling the
>> logging completely and you can achieve high QPS.
>> One such tool which can do all for you is dnsmonster -
>> https://github.com/mosajjal/dnsmonster . Just send mirror traffic to this
>> and it will do everything for you.
>
> The major problem with packet mirroring and parsing is that it is unusable
> for encrypted transports. For that very reason I think dnstap is the way to
> go.
>
> --
> Petr Špaček
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users