Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users
Hello,

BIND 9.18.7
RHEL 8.10 (Ootpa)

I am being asked if it is possible to differentiate the percentage of queries 
coming into a server that are unencrypted, DoT and DoH.
Example: For a given 24 hours, 50% were 53, 25% were 853 and 25% were 443.
I cannot find a difference in the query logs to show how the query came into 
the server. My only thought at the moment is to run 'tcpdump' on all of the 
servers and script something.
Is there some way that I just have not found within BIND?
My apologies if this has been asked previously.

Thank you,
Ralph F. Bischof, Jr. | Leidos
DDI Service Architect
Digital Modernization Sector

ralph.bisc...@nasa.gov | 
www.leidos.com
+1 (256) 682-9145 M



-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
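
Added example, not part of the original thread: one way to script the 'tcpdump' approach mentioned in the question, tallying inbound traffic per listener port from the text output of `tcpdump -nn -tt 'dst port 53 or dst port 853 or dst port 443'`. The server addresses, the sample lines and the function names are constructed for illustration, and port 443 is assumed to carry only DoH on this host. UDP datagrams are counted for port 53, but only new TCP connections (initial SYN) for TCP/53, 853 and 443, because the queries inside an encrypted session are not visible on the wire.

```python
import re
from collections import Counter

# Listener ports from the question; 443 is assumed to be DoH only on this host.
PORTS = {53: "Do53", 853: "DoT", 443: "DoH"}
LINE = re.compile(r"^\S+ IP6? (\S+) > (\S+): (.*)$")
FLAGS = re.compile(r"Flags \[([^\]]*)\]")

def classify(line, server_ips):
    """Return a transport label for one `tcpdump -nn -tt` line, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    dst, rest = m.group(2), m.group(3)
    host, _, port = dst.rpartition(".")  # tcpdump prints addr.port, also for IPv6
    if host not in server_ips or not port.isdigit() or int(port) not in PORTS:
        return None  # replies, other hosts, other ports
    label = PORTS[int(port)]
    flags = FLAGS.match(rest)
    if flags is None:
        # No TCP flags: a UDP datagram. Only plain DNS on 53 is counted.
        return "Do53/UDP" if label == "Do53" else None
    # TCP: count the initial SYN only (SYN-ACK shows as "S." and is skipped),
    # so one connection is counted once however many queries it carries.
    if "S" in flags.group(1) and "." not in flags.group(1):
        return "Do53/TCP" if label == "Do53" else label
    return None

def transport_share(lines, server_ips):
    """Map label -> (count, percent of all counted events)."""
    counts = Counter(filter(None, (classify(l, server_ips) for l in lines)))
    total = sum(counts.values())
    return {k: (n, round(100.0 * n / total, 1)) for k, n in counts.items()}

# Constructed sample capture (documentation address ranges), not real traffic.
SERVER = {"198.51.100.5", "2001:db8::53"}
SAMPLE = """\
1726600000.000001 IP 192.0.2.10.53124 > 198.51.100.5.53: 4242+ A? example.com. (29)
1726600000.000002 IP 198.51.100.5.53 > 192.0.2.10.53124: 4242 1/0/0 A 203.0.113.7 (45)
1726600000.000003 IP 192.0.2.11.40000 > 198.51.100.5.853: Flags [S], seq 100, win 64240, length 0
1726600000.000004 IP 198.51.100.5.853 > 192.0.2.11.40000: Flags [S.], seq 200, ack 101, win 65160, length 0
1726600000.000005 IP 192.0.2.11.40000 > 198.51.100.5.853: Flags [.], ack 1, win 502, length 0
1726600000.000006 IP6 2001:db8::10.50000 > 2001:db8::53.443: Flags [S], seq 300, win 64800, length 0
1726600000.000007 IP 192.0.2.12.41000 > 198.51.100.5.53: 7+ AAAA? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    for label, (n, pct) in sorted(transport_share(SAMPLE, SERVER).items()):
        print(f"{label:9s} {n:6d} {pct:5.1f}%")
```

The DoT and DoH figures are connection counts, so clients that reuse one TLS session for many queries are under-represented relative to UDP.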


RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread Richard T.A. Neal
Hi Ralph,

I don't believe this is presently possible but it's being considered for future 
development. Please see the following Issue Ticket for more details:

https://gitlab.isc.org/isc-projects/bind9/-/issues/2748

Best,

Richard.



RE: Logging with Unencrypted DNS, DoT and DoH

2024-09-17 Thread John W. Blue via bind-users
Ralph,

You already may be aware of the BIND webinars put on by ISC and presented by 
Carsten:

https://www.isc.org/docs/BIND_9webinar2.pdf
https://www.youtube.com/watch?v=7Uu6XvY68SM

If not, spend some time watching the video. I would like to point out that 
slide 12 lists several COTS vendors that are able to consume the named.stats 
output.

John

