Linux – Monitor DNS queries of all hosts in LAN

domain-name-systemlinuxnetwork-monitoring

We have a simple setup: Some workstations (Mac and Linux) and a gateway router. For statistics and security purposes I want to watch all DNS queries done in our intranet. Unfortunately the gateway router is not capable of logging DNS traffic in a sufficient manner. What is the best way to accomplish this?

Best Answer

Setup a DNS server on hardware, and enable logging. Force all your clients to use it with configuration combined with firewall rules blocking clients from access DNS servers other then your DNS server.

Related Solutions

Linux DNS Client Update Tool – Comprehensive Guide

Make sure nsupdate is installed, then use it to register your names. The one problem with nsupdate is that you are going to need to permit non-secure dynamic updates. Unless your platform supports nsupdate-gss, and your linux machines are setup with kerberos to be part of the domain.

I have a script that looks like somewhat like this I use in a couple situations, like dynamic registration of OpenVPN clients. In the real script, the IP and actual hostname comes from the vpn server. If you are using a Debian based distribution it would be pretty easy to tweak this script and place it in /etc/network/if-up.d/.

#/bin/bash

dnssrv="192.168.47.12"   # the dns server that will accept the ddns request.
zone="dyn.example.org"   # the name of the zone
ttl="7200"               # 
hostname=`hostname`      # the name of your local host
ip='192.168.47.193'      # IP of the host

(
 echo "server ${dnssrv}"
 echo "zone ${zone}"
 echo "update delete ${farm}"
 echo "update add ${hostname}.${zone} ${ttl} A ${ip}"
 echo "send"
) | /usr/bin/nsupdate

Another alternative may be to just use DHCP for both interfaces at to setup reservations.

Best Answer

Related Solutions

Linux DNS Client Update Tool – Comprehensive Guide

Related Topic