6/18/2023 0 Comments Tshark httpsThis will typically be run on the local DNS forwarder server or default gateway (router), though since this has to examine all traffic on a server, it's recommended only to run it on a DNS forwarder server. Running the command will display the source address (Quad9), destination address (the client), the domain name, and the timestamp. Please refer to the manual page for tshark: This command is used as an example, and can be modified as desired to adjust the output format, output file, etc. It is possible to monitor for and record blocked domains with the tshark application, which is available on most Linux distributions by installing the tshark application through the appropriate package manager. It is not typically trivial to record block events with most DNS forwarders due to the limitation of the response logging capabilities, or lack thereof, in various recursive/forwarding DNS software. Quad9 signals a domain is blocked by returning the NXDOMAIN response code and an AUTHORITY value of 0.
0 Comments
Leave a Reply. |