Is it possible to have BIND log DNS lookup requests that do NOT occur from user interactive input? Example: a user entering a URL in a browser or terminal is not that significant. I am looking only to log when the system or a process is making a DNS lookup, as is typical with malware that is attempting to beacon home and inserting its DNS calls.
Is this a capability inherent in the system or are there any known scripts to process this kind of activity into a report?
Thanks for any discussion on this topic or friendly pointers in the correct direction.
Is this a capability inherent in the system or are there any known scripts to process this kind of activity into a report?
Thanks for any discussion on this topic or friendly pointers in the correct direction.