[Bro] reverse DNS based on bro's forward DNS query log
stephane.chazelas at gmail.com
Fri Aug 24 07:41:40 PDT 2012
2012-08-23 11:15:23 -0400, Seth Hall:
> On Aug 23, 2012, at 10:48 AM, Stephane Chazelas <stephane.chazelas at gmail.com> wrote:
> > $ tail -1 dns.log
> > 1345732627.030897 jUJU3ZwGOv4 x.x.x.x 54866 x.x.x.x 53 udp 44687 static.ak.facebook.com 1 C_INTERNET 1 A 0 NOERROR F F F T T 0 static.ak.facebook.com.edgesuite.net,a749.dsw4.akamai.net,18.104.22.168,22.214.171.124 3364.000000,348.000000,15.000000,15.000000
> > $ dig -x 126.96.36.199 +short
> > static.ak.facebook.com.C-EU.120823T143707.
> That's cool! Definitely send along anything you can. I'm sure that quite a few people will be interested in this (I am).
Here you go:
Please test and tell me what you think.
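As an added illustration (not the script offered in this message, and not code from the Bro project), the sketch below builds an address-to-name map from dns.log records like the one quoted above, so that a later connection to an address can be tied back to the name a client actually looked up. The column positions are an assumption counted from the quoted sample line, the TTL-window lookup is a choice made for this example, and the log records are constructed with documentation addresses.

```python
import ipaddress
from collections import defaultdict

# Column positions counted from the sample dns.log line in the post
# (assumption: ts is field 0, query field 8, answers field 21, TTLs field 22).
TS, QUERY, ANSWERS, TTLS = 0, 8, 21, 22

# Constructed sample records (documentation addresses, not real traffic).
SAMPLE_LOG = """\
#path dns
1345732627.030897 jUJU3ZwGOv4 192.0.2.10 54866 192.0.2.53 53 udp 44687 static.example.com 1 C_INTERNET 1 A 0 NOERROR F F F T T 0 static.example.com.cdn.example.net,a1.cdn.example.net,198.51.100.7,198.51.100.8 3364.000000,348.000000,15.000000,15.000000
1345732700.500000 kLmN0pQrSt1 192.0.2.11 40000 192.0.2.53 53 udp 1234 www.example.org 1 C_INTERNET 1 A 0 NOERROR F F F T T 0 198.51.100.7 60.000000
1345732710.000000 uVwX2yZaBc3 192.0.2.11 40001 192.0.2.53 53 udp 1235 missing.example.org 1 C_INTERNET 1 A 3 NXDOMAIN F F F T F 0 - -
"""

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def build_reverse_map(log_text):
    """Map each answer address to the (ts, query, ttl) tuples that produced it."""
    reverse = defaultdict(list)
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and log header lines
        f = line.split()
        if len(f) <= TTLS or f[ANSWERS] == "-":
            continue  # short record or a query with no answers
        answers = f[ANSWERS].split(",")
        ttls = f[TTLS].split(",")
        for answer, ttl in zip(answers, ttls):
            if is_ip(answer):  # CNAME targets in the chain are not addresses
                reverse[answer].append((float(f[TS]), f[QUERY], float(ttl)))
    return reverse

def names_for(reverse, ip, at_ts):
    """Queried names whose answer for ip was still within its TTL at at_ts."""
    return [q for ts, q, ttl in reverse.get(ip, []) if ts <= at_ts <= ts + ttl]
```

The map is keyed on the name the client queried rather than the last CNAME target, which is what distinguishes it from an ordinary PTR lookup on CDN-hosted addresses.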