Useful tips
Query traffic can be significant in size, so it is important to position the DNS collector correctly. Deploying go-dnscollector above the recursive resolver means that only inter-server traffic between caching recursive nameservers and authoritative nameservers is captured and analyzed.
Warning
Positioning the DNS collector below the recursive resolver essentially means that all of the queries issued by clients to the DNS server will be sent for analysis, which exposes personally identifiable information. The privacy of users is of the utmost importance, so proceed with caution before handing client DNS queries to a third party.
pDNSSOC supports archiving old logs in correlation.archive_dir. Files in this directory are compressed DNS logs. Because pDNSSOC supports correlating up-to-date MISP attributes with past DNS logs, these archives are not filtered: they contain the complete set of DNS logs ingested by go-dnscollector. These logs may accumulate and fill up disk space, so it is useful to apply some kind of retention policy.
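One way to apply such a retention policy, as an added example that is not part of pDNSSOC: a pruning routine that removes archived logs past an age limit and then trims the oldest remaining files until the directory fits a size budget. The function name, parameters and thresholds are assumptions; the directory passed in is whatever correlation.archive_dir is set to.

```python
import os
import time
from pathlib import Path


def prune_archive(archive_dir, max_age_days, max_total_bytes, now=None, dry_run=False):
    """Prune compressed DNS logs; return the paths removed (or planned, if dry_run).

    prune_archive, max_age_days and max_total_bytes are names chosen for this
    example; they are not pDNSSOC configuration options.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400

    # Regular files only. Symlinks and subdirectories are skipped so that a
    # link placed in the archive cannot redirect deletion elsewhere.
    files = []
    for entry in os.scandir(archive_dir):
        if entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            files.append((st.st_mtime, st.st_size, Path(entry.path)))
    files.sort()  # oldest first

    total = sum(size for _, size, _ in files)
    removed = []
    for mtime, size, path in files:
        too_old = mtime < cutoff
        over_budget = total > max_total_bytes
        if not (too_old or over_budget):
            break  # everything left is newer and the size budget is met
        if not dry_run:
            path.unlink()
        removed.append(path)
        total -= size
    return removed
```

Because archived logs are what new MISP attributes get correlated against, max_age_days also bounds how far back a retrospective match can reach; run with dry_run=True first to review what would be deleted.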