...

A capture file for logging DNS queries and responses is rolled over based on the configured time limit or when the file reaches 100 MB in size, whichever is sooner. The default time limit is 10 minutes. The capture file is automatically saved and exported to an FTP or SCP server based on your configuration. When you configure the appliance to save the capture file locally and later enable FTP or SCP, the appliance copies all the data starting with the oldest data. Infoblox recommends that you constantly monitor the FTP or SCP server to ensure that it has sufficient disk space. DNS queries and responses are stored on the appliance if the FTP or SCP server becomes unreachable. The maximum storage capacity varies based on the appliance model. After reaching the maximum limit, the appliance overwrites the old data with the new one. For information about the maximum hard drive space, see the table Maximum Hard Drive Space used for DNS queries and Responses below. The amount of data captured depends on the DNS query rate and the domains that are included in or excluded from the capture. For information about how to exclude domains, see Excluding Domains From Query and Response Capture .

...

below.

Capturing DNS Queries

You can capture queries to all domains or limit the capture to specific domains. You can also apply the Bulk Add Domains feature to tailor query capture to a desired subset of domains or zones. When capturing DNS queries, NIOS matches the specified domain name(s) and everything that belongs to the domain. For example, when you specify 'foo.com' as the domain, NIOS captures queries sent to 'foo.com,' 'mail.foo.com,' and 'ftp.foo.com.' NIOS captures queries to domains for which a name server is authoritative; it also captures recursive queries. Note that this feature does not support wildcard characters or regular expressions.

...

30-Apr-2013 13:35:02.187 client 10.120.20.32#42386: query: foo.com IN A + (100.90.80.102)

...

Capturing DNS Responses

...

...

You can capture DNS responses for the DNS queries sent to the server. The amount of data captured depends on the domains that are included in or excluded from the capture. A DNS response is based on a query generated for a domain. In the response message, NIOS captures the TTL value of a resource record, the resource record type, and resource data.
Following are characteristics of the response messages:

...

07-Apr-2013 20:16:49.083 client 10.120.20.198#57398 UDP: query: a1.signed.com IN RRSIG response: NOERROR +ED a1.signed.com. 28800 IN RRSIG A 5 3 28800 20130616004903 20130611234903
4521 signed.com. evROKe7RbnkjFTsumT3JJg76bduFLfdEEnszitXHQCbVYBS5rDy+qbUI HCQuN/ldCNTJbZQ8MEhuatzfms+2Y5K2sU67P9Yg6GkOMxsT2LcJiBm/ YqrYiZBWGKpLF6J0PdX05133Xwq8XxUStUEJxKfuzcKSY6jaSduQIdFL v6A=; a1.signed.com.900 IN RRSIG NSEC 5 3 900 20130616004903 20130611234903 4521 signed.com.
CnFmXMx9D+ZkDsztQbW2xx8XCROGNMBp0baxFXS/Pxxhg4PQcq58laI97y2Xgqswn/wKNhY8p9hkes5+6t/ihCOIbw FryxtdivPfYYFf3jafedFN ymZu05K9bYUfCUzZTGiRzoJYhxBM7xFT8fMvxni9ngsbLym82Tqv3Nua 6wU=;

...

Configuring DNS Query and Response

...

Captures

To configure DNS query and response captures:

1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
   Member: From the Data Management tab, select the DNS tab and click the Members tab -> member check box -> Edit icon.
2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Advanced Mode and select the Logging tab.
3. Under Data Collection connector for all DNS Queries/Responses to a Domain, complete the following:
   • Select the Capture DNS Queries check box to start capturing DNS queries. This enables the feature set for configuration. When you enable this option at the member level, the appliance captures DNS queries for the selected members only.
   • Select the Capture DNS Responses check box to start capturing DNS responses. This enables the feature set for configuration. When you enable this option at the member level, the appliance captures DNS responses for the selected members only.

...

4. Save the configuration.

Table The following table 37.2 lists the maximum hard drive space required for capturing DNS queries and responses for supported Infoblox appliance models.
Anchor
bookmark2806bookmark2806 Table 37.2 Maximum Hard Drive Space used for DNS queries and Responses

...

Excluding Domains From Query and

...

Response Capture

You can exclude individual domains and their subdomains from DNS query and response capturing. You can also use the Bulk Add Domains feature for a subset of domains to exclude them from query and response capturing.
Subdomains can also be specified for exclusion. NIOS matches the specified domain names and their subdomains while filtering them in the Exclusion list. For example, when you specify 'foo.com' as the domain to be excluded, NIOS filters queries for 'foo.com,' 'mail.foo.com,' and 'ftp.foo.com.'

...

1. Grid: From the Data Management tab, select the DNS tab, expand the Toolbar and click Grid DNS Properties.
   Member: From the Data Management tab, select the DNS tab and click the Members tab -> member check box -> Edit icon.
2. In the Grid DNS Properties or Member DNS Properties editor, click Toggle Advanced Mode and select the Logging tab.
3. Under Data Collection connector for all DNS Queries/Responses to a Domain, select the Exclude the following domains check box.
4. Click the Add icon and select Add Domain or Bulk Add Domains and specify domains in the Domain table.

...