Re: [Pdns-users] Efficient query logging

2018-04-04 Thread Remi Gacogne
Hi,

On 04/04/2018 03:52 PM, Brian Candler wrote:
> One question.  Protobuf messages are in general not self-delimiting[^1],
> but I couldn't find any description of how PDNS delimits protobuf
> messages.  Are they wrapped?  Or does tag 1 mark the start of each
> message (which I note is the only r

Re: [Pdns-users] Efficient query logging

2018-04-04 Thread Brian Candler
On 03/04/2018 22:39, Brian Candler wrote:
> Aha, "powerdns recursor protobuf export" was the search term I needed, thanks!
> https://doc.powerdns.com/recursor/lua-config/protobuf.html

One question.  Protobuf messages are in general not self-delimiting[^1], but I couldn't find any description of ho

Re: [Pdns-users] Efficient query logging

2018-04-03 Thread Brian Candler
On 03/04/2018 22:28, Remi Gacogne wrote:
> Yes, in my humble opinion using our protobuf export feature is the way to go, at least that's the kind of goal we had in mind when we designed it.
> Note that it's not really Lua-related in the recursor, it only happens to be configurable via the Lua configu

Re: [Pdns-users] Efficient query logging

2018-04-03 Thread Remi Gacogne
Hi Brian,

On 04/02/2018 12:06 PM, Brian Candler wrote:
> I therefore wonder what approaches other people have taken to this
> problem.  Is it possible to do this efficiently within pdns itself, e.g.
> using LUA [^1]?  Should I put dnsdist in front [^2]?

Yes, in my humble opinion using our protob

Re: [Pdns-users] Efficient query logging

2018-04-02 Thread Chris Stradtman
It's not powerdns specific, but we have been using packetbeat for that sort of work.

Chris Stradtman

On Mon, Apr 2, 2018 at 6:06 AM, Brian Candler wrote:
> I'm investigating how to monitor DNS queries as a source of security
> information for breach detection. In the case of client machines, w

[Pdns-users] Efficient query logging

2018-04-02 Thread Brian Candler
I'm investigating how to monitor DNS queries as a source of security information for breach detection.  In the case of client machines, we can check the queries against a blacklist of known C&C or malware domains; in the case of servers, we know they should only be making outbound connections t