How can I create logs of every DNS query that my computer makes along with the responses it gets?
How to log all the DNS queries
dnslogs
Related Solutions
There are no provisions in BIND to log answers for queries at all with the logging directive.
Furthermore, aside from privacy considerations, it can be more efficient for the DNS service to log them remotely instead of in a file.
Often people are running dnscap to capture/sniff DNS queries for security analysis.
dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) format. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options.
There is also a capture/logging functionality called dnstap, but it is only present in certain versions of BIND, and appears to be officially always included after the last version of BIND (at this time 9.11) which might not yet be adopted in several distributions, and thus involves compiling BIND.
It is more interesting, as it integrates with BIND, and less taxing on resources than dnscap.
dnstap is a solution which introduces a flexible, binary log-format for DNS servers together with Protocol Buffers, a mechanism for serializing structured data. Robert Edmonds had the idea for dnstap and created the first implementation with two specific use cases in mind:
- make query-logging faster by eliminating synchronous I/O bottlenecks and message formatting
- avoid complicated state reconstruction by capturing full messages instead of packets for passive DNS
From DNS query/response logging with dnstap
    options {
        dnstap { all; };
        // dnstap { auth; resolver query; resolver response; };
        /* where to capture to: file or unix (socket) */
        // dnstap-output file "/tmp/named.tap";
        dnstap-output unix "/var/run/dnstap.sock";
        dnstap-identity "tiggr";
        dnstap-version "bind-9.11.2";
    };
Best Answer
You can have tcpdump log all port 53 UDP and TCP activity.
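Turning port 53 traffic into a query/response log means decoding the DNS wire format, including compressed names in answers. The decoder below is an added example, not code from the answers above; the names `read_name` and `log_line` and the sample payloads are constructed for illustration, and it assumes you already have the DNS payload bytes of each captured packet.

```python
# Added example: helper names and sample bytes are illustrative, not from the page.
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (2 bytes)
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 32:                   # guard against pointer loops
                raise ValueError("compression loop")
        elif length == 0:                    # root label ends the name
            return ".".join(labels) or ".", (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length

def log_line(msg):
    """Summarise one DNS payload (UDP payload, or TCP payload minus its 2-byte length)."""
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        off += 4
        questions.append(f"{name} {QTYPES.get(qtype, qtype)}")
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        off += 10
        if rtype == 1 and rdlen == 4:        # A record: dotted quad
            value = ".".join(map(str, msg[off:off + 4]))
        elif rtype in (2, 5, 12):            # rdata is itself a domain name
            value, _ = read_name(msg, off)
        else:                                # anything else: raw hex
            value = msg[off:off + rdlen].hex()
        answers.append(f"{QTYPES.get(rtype, rtype)} {value}")
        off += rdlen
    kind = "response" if flags & 0x8000 else "query"
    return f"id={ident:#06x} {kind} rcode={flags & 0xF} q=[{'; '.join(questions)}] a=[{'; '.join(answers)}]"

# Constructed sample payloads: a query for example.com A and its response.
QUERY = bytes.fromhex("1a2b01000001000000000000076578616d706c6503636f6d0000010001")
RESPONSE = bytes.fromhex("1a2b81800001000100000000076578616d706c6503636f6d0000010001"
                         "c00c000100010000012c00045db8d822")
```

Queries and responses are paired by the transaction id together with the client address and port; truncated payloads raise `IndexError` or `struct.error` and should be logged as malformed rather than dropped silently.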