Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A capture file for logging DNS queries and responses is rolled over based on the configured time limit or when the file reaches 100 MB in size, whichever is sooner. The default time limit is 10 minutes. The capture file is automatically saved and exported to an FTP or SCP server based on your configuration. When you configure the appliance to save the capture file locally and later enable FTP or SCP, the appliance copies all the data starting with the oldest data. Infoblox recommends that you constantly monitor the FTP or SCP server to ensure that it has sufficient disk space. DNS queries and responses are stored on the appliance if the FTP or SCP server becomes unreachable. The maximum storage capacity varies based on the appliance model. After reaching the maximum limit, the appliance overwrites the old data with the new one. For information about the maximum hard drive space, see the table below. The amount of data captured depends on the DNS query rate and the domains that are included in or excluded from the capture. For information about how to exclude domains, see Excluding Domains From Query and Response Capture.

You can also use the dnstap log format to achieve performance query logging. If you choose to enable the dnstap log format, you will not be able to capture queries and responses using the Data connector for all DNS Queries/Responses to a Domainfields. And if you use the Data connector for all DNS Queries/Responses to a Domainfields for query capture, the DNSTAP settings for DNS Queries/Responses fields will be disabled. To use dnstap log format, see Logging DNS Queries and ResponsesFor information about dnstap implementation and configuring dnstap, see Configuring dnstap.

Capturing DNS Queries

You can capture queries to all domains or limit the capture to specific domains. You can also apply the Bulk Add Domains feature to tailor query capture to a desired subset of domains or zones. When capturing DNS queries, NIOS matches the specified domain name(s) and everything that belongs to the domain. For example, when you specify 'foo.com' as the domain, NIOS captures queries sent to 'foo.com,' 'mail.foo.com,' and 'ftp.foo.com.' NIOS captures queries to domains for which a name server is authoritative; it also captures recursive queries. Note that this feature does not support wildcard characters or regular expressions.

...

  1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
    Member: From the Data Management tab, select the DNS tab and click the Members tab -> member check box checkbox -> Edit icon.
  2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Advanced Mode and select the Logging tab.
  3. Under Data Collection for all DNS Queries/Responses to a Domain, complete the following:
    • Select the Capture DNS Queries check box checkbox to start capturing DNS queries. This enables the feature set for configuration. When you enable this option at the member level, the appliance captures DNS queries for the selected members only.
    • Select the Capture DNS Responses check box checkbox to start capturing DNS responses. This enables the feature set for configuration. When you enable this option at the member level, the appliance captures DNS responses for the selected members only.

...

    • Select Capture queries/responses for all domains to capture queries and responses to all domains and zones.
    • Select Limit capture to these domains to capture DNS queries and responses to domains and zones one at a time.
    • Specify domains for DNS capture operations in the Domain table by clicking the Add icon, and choosing Add Domain or Bulk Add Domains from the menu.
    • To define the destination for capture files, do the following:
      • Retain captured queries on the local disk: Select this check box checkbox to save the DNS queries on the appliance. In addition to the local disk, you can select to export the DNS queries to the remote server by selecting SCP in the Export to drop-down list.
      • Export to: From the drop-down list, select SCP to back up the DNS queries on the remote server and None to save queries only on the appliance. To save the captured DNS queries on both the appliance and the remote server, select the Retain captured queries on the local disk check box checkbox and SCP from the Export to drop-down list.

...

  1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
    Member: From the Data Management tab, select the DNS tab and click the Members tab -> member check box checkbox -> Edit icon.
  2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Advanced Mode and select the Logging tab.
  3. Under Data Collection for all DNS Queries/Responses to a Domain, select the Exclude the following domains check box checkbox.
  4. Click the Add icon and select Add Domain or Bulk Add Domains and specify domains in the Domain table.

...