I'm trying to filter out logs to look for suspicious outbound traffic to external websites. On the DNS server I can set up debug logging, but I don't see a way to view the originating source of the computer making the DNS request to the server. Is there a way to capture this data to learn the source IP address of DNS requests arriving at my server?