DNS Traffic is always worth watching very closely
But it is not a good excuse to forget your anniversary!
While visiting a large ISP-type customer here in the Bay Area, we started to discuss the value he could get from network traffic analysis. The volume of traffic on his network is at such a scale that he struggles even with summary information like NetFlow; he has so much of it that it is almost impossible to get a handle on it and see anything useful – a real big data problem.
During our conversation, I mentioned that we have a number of dissectors (or application decoders as we call them) for protocols like SMB, NFS, SQL, web, DNS – ‘STOP, what can you tell me about my DNS traffic, as my logs are limited?’ To be honest, I would have thought LANGuardian provided too much detail for his organization, but I guess DNS is a bit different.
Anyhow, I went on to explain that LANGuardian can:
- Monitor DNS traffic and decode DNS replies
- Inventory responding DNS servers
- Alert on rogue DNS servers
- Review what resolutions clients are receiving
- Monitor client requests and validate DNS traffic (piggybacking)
To quote a good friend, Tim of #lovemytool: ‘John, show me, don’t tell me.’
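To make the first items in the list above concrete (decoding replies, inventorying responding servers, flagging servers that should not be answering), here is an added Python example; it is not LANGuardian code and not from the original post. The `AUTHORIZED` allowlist, the IP addresses and the four DNS payloads are constructed assumptions.

```python
import struct
AUTHORIZED = {"10.0.0.53"}  # assumption: the only sanctioned resolver on this LAN

def read_name(msg, off):  # decode a (possibly compressed) name -> (name, next offset)
    labels, end = [], None
    for _ in range(128):                      # bounded, so pointer loops cannot hang us
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("pointer loop or oversized name")

def decode_reply(msg):  # -> (qname, [A-record addresses]) for a reply, None for a query
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                    # QR bit clear: client query
        return None
    off, qname, addrs = 12, "", []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                              # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4 and len(msg) >= off + 14:  # complete A record
            addrs.append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    return qname, addrs

def inventory(packets):  # packets: (src, dst, UDP payload) -> (replies by server, rogues)
    seen = {}
    for src, dst, payload in packets:
        try:
            reply = decode_reply(payload)
        except (IndexError, ValueError, struct.error):
            continue                          # truncated or malformed: skip it
        if reply:
            seen.setdefault(src, []).append((dst, *reply))
    return seen, sorted(set(seen) - AUTHORIZED)

Q = b"\x07example\x03com\x00\x00\x01\x00\x01"    # constructed sample: example.com A question
R, RR = bytes.fromhex("000781800001000100000000"), bytes.fromhex("c00c000100010000003c0004")
SAMPLE = [("10.0.0.53", "10.0.0.21", R + Q + RR + bytes([192, 0, 2, 10])),   # sanctioned
          ("10.0.0.21", "10.0.0.53", bytes.fromhex("000701000001000000000000") + Q),  # query
          ("10.0.0.99", "10.0.0.21", R + Q + RR + bytes([203, 0, 113, 7])),  # unsanctioned
          ("10.0.0.21", "10.0.0.53", b"\x00\x07")]                           # truncated
```

Calling `inventory(SAMPLE)` returns the per-server reply log, which shows what each client was told, together with the list of responders missing from the allowlist.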