This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Any way to see DNS queries?

I am looking for dns request + answer, but the logs does not contain them. Is there anyway to log those, or just see them somehow in a file, or in the cache?

Thanks

This thread was automatically locked due to age.

0 BarryG over 14 years ago

Tcpdump would work.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 14 years ago

If you want to see DNS requests to public DNS, you can try creating a new PF rule for port 53 (UDP is the default, but there are some programs that will use TCP), make it rule # 1, be certain that logging is enabled for this rule.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

Also remember that if you've configured according to DNS Best Practice, most internal DNS requests will be satisfied by your internal name server's cache.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 x-cimo over 14 years ago in reply to BAlfson

For some reason it did not work, and not having a hub on my network, I used Cain to do ARP poisoning between the box and Astaro, then I was able to monitor the traffic I needed.

Thanks guys
Cancel
Vote Up 0 Vote Down

Cancel