[Zeek] DNS forwarding + weird.log
Michael Alaly
michael.alaly at gmail.com
Wed Dec 26 11:41:41 PST 2018
Does anyone have a recommended way to handle a sensor that also runs a DNS
resolver/forwarder?
Since the requests "originate" at the sensor there is no other side of the
traffic for Zeek to see. This generates a weird.log possible_split_routing
entry for every forwarded DNS request.
Is this generally avoided by moving DNS off the firewall/sensor, or are
there other ways of handling this?
Thanks,
Michael
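One way to check the pattern described in the message above before deciding how to handle it, as an added example that is not part of the original post: the script splits `possible_split_routing` entries from a weird.log into those originated by the sensor's own address toward port 53 and everything else. The sensor address, the log rows and the function name are constructed for illustration, and the column layout is assumed to be Zeek's default TSV weird.log.

```python
# Added example: triage possible_split_routing weirds on a sensor that also forwards DNS.
# Constructed sample in Zeek's TSV log layout; addresses are documentation ranges.
SAMPLE = "\n".join("\t".join(row) for row in [
    ["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h",
     "id.resp_p", "name", "addl", "notice", "peer"],
    ["1545853301.1", "CaAAA1", "192.0.2.1", "41000", "198.51.100.53", "53",
     "possible_split_routing", "-", "F", "zeek"],
    ["1545853302.2", "CaAAA2", "192.0.2.1", "41001", "198.51.100.53", "53",
     "possible_split_routing", "-", "F", "zeek"],
    ["1545853303.3", "CaAAA3", "192.0.2.77", "50222", "203.0.113.9", "443",
     "possible_split_routing", "-", "F", "zeek"],
    ["1545853304.4", "CaAAA4", "192.0.2.1", "41002", "198.51.100.53", "53",
     "dns_unmatched_msg", "-", "F", "zeek"],
    ["#close", "2018-12-26-12-00-00"],
])


def triage_split_routing(log_text, sensor_addrs, dns_port="53"):
    """Return (count of sensor-originated DNS entries, uids of all other entries)."""
    fields = None
    own_dns = 0
    other = []
    for line in log_text.splitlines():
        cols = line.split("\t")
        if line.startswith("#"):
            # Column names come from the #fields header; other # lines are metadata.
            if cols[0] == "#fields":
                fields = cols[1:]
            continue
        if fields is None or len(cols) != len(fields):
            continue  # no header seen yet, or a malformed row
        rec = dict(zip(fields, cols))
        if rec["name"] != "possible_split_routing":
            continue
        if rec["id.orig_h"] in sensor_addrs and rec["id.resp_p"] == dns_port:
            own_dns += 1  # explained by the local forwarder
        else:
            other.append(rec["uid"])  # not explained; still worth a look
    return own_dns, other


if __name__ == "__main__":
    count, remaining = triage_split_routing(SAMPLE, {"192.0.2.1"})
    print(f"sensor-originated DNS entries: {count}")
    print(f"entries needing review: {remaining}")
```

Entries left in the second list are the ones the local forwarder does not account for.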