Logging DNS Requests & Logging DNS Response

Hi

I want to log all DNS response that my DNS server answer to it.

For example, a DNS query is www.gg.com and IP for that DNS name is 1.1.1.1, I want to log both of them.

How do I log DNS respone?

(Logging DNS request is configured)

Thanks

MidasAuthor

New Member

We can do it in two way:

1. Configuring an IPS signature for Logging DNS queries:

F-SBID( --attack_id 4153; --name DOM-ALL; --protocol udp; --service dns; --log DNS_QUERY;)

2. Configuring DNS filter for both DNS query and respone

IF want to block a domain:

F-SBID( --attack_id 4058; --name midas.com; --protocol udp; --service dns; --pattern midas.com; --context host; --no_case; --default_action drop;)

Sign up