...

A capture file for logging DNS queries and responses is rolled over when the configured time limit expires or when the file reaches 100 MB in size, whichever is sooner. The default time limit is 10 minutes. The capture file is automatically saved and exported to an SCP server based on your configuration. When you configure the appliance to save the capture file locally and later enable SCP, the appliance copies all the data, starting with the oldest data. Infoblox recommends that you constantly monitor the SCP server to ensure that it has sufficient disk space. DNS queries and responses are stored on the appliance if the SCP server becomes unreachable. The maximum storage capacity varies based on the appliance model. After reaching the maximum limit, the appliance overwrites the old data with new data. For information about the maximum hard drive space, see the section Maximum Hard Drive Space used for DNS Queries and Responses on this page. The amount of data captured depends on the DNS query rate and the domains that are included in or excluded from the capture. For information about how to exclude domains, see Viewing Registered Legacy Data Connector Details.

...

Capturing DNS Queries

...

You can capture queries to all domains or limit the capture to specific domains. You can also apply the Bulk Add Domains feature to tailor query capture to a desired subset of domains or zones. When capturing DNS queries, NIOS matches the specified domain name(s) and everything that belongs to the domain. For example, when you specify ‘foo.com’ as the domain, NIOS captures queries sent to ‘foo.com’, ‘mail.foo.com’, and ‘ftp.foo.com’. NIOS captures queries to domains for which a name server is authoritative; it also captures recursive queries. Note that this feature does not support wildcard characters or regular expressions.

...

where
+ = recursion
- = no recursion
S = TSIG
E = EDNS option set
T = TCP query
D = EDNS ‘DO’ flag set
C = ‘CD’ message flag set
Following is a sample DNS query message:
30-Apr-2013 13:35:02.187 client 10.120.20.32#42386: query: foo.com IN A + (100.90.80.102) 
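
The flag legend and sample message above, together with the domain matching rule described under Capturing DNS Queries, can be applied mechanically when reviewing exported capture files. The following Python sketch is an added example, not Infoblox code: the line layout is inferred from the single sample message on this page, and the function names and the second, constructed log line are assumptions.

```python
import re
from datetime import datetime

# Flag letters exactly as given in the legend on this page.
FLAGS = {"+": "recursion", "-": "no recursion", "S": "TSIG",
         "E": "EDNS option set", "T": "TCP query",
         "D": "EDNS DO flag set", "C": "CD message flag set"}

# Layout inferred from the one sample line on this page (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[+\-][SETDC]*) \((?P<server>[^)]+)\)\s*$")


def parse_query_line(line):
    """Return a dict for one query log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S.%f")
    rec["port"] = int(rec["port"])
    rec["qname"] = rec["qname"].rstrip(".").lower()
    rec["flags"] = [FLAGS[c] for c in rec["flags"]]
    return rec


def in_capture_scope(qname, domains):
    """Match the domain and everything under it, on label boundaries only."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d)
               for d in (x.rstrip(".").lower() for x in domains))


SAMPLE = ("30-Apr-2013 13:35:02.187 client 10.120.20.32#42386: "
          "query: foo.com IN A + (100.90.80.102)")   # from this page
# Constructed line (not from the page): TCP query with EDNS and DO set.
CONSTRUCTED = ("30-Apr-2013 13:35:03.004 client 10.120.20.33#5353: "
               "query: mail.foo.com IN MX -ETD (100.90.80.102)")

if __name__ == "__main__":
    for line in (SAMPLE, CONSTRUCTED, "garbage"):
        rec = parse_query_line(line)
        print(rec and (rec["qname"], rec["qtype"], rec["flags"]))
    print(in_capture_scope("notfoo.com", ["foo.com"]))  # label-boundary check
```

Lines that do not match return None rather than raising, so a reviewer can count and inspect unparsed entries instead of silently dropping them.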

...

Capturing DNS Responses

You can capture DNS responses for the DNS queries sent to the server. The amount of data captured depends on the domains that are included in or excluded from the capture. A DNS response is based on a query generated for a domain. In the response message, NIOS captures the TTL value of a resource record, the resource record type, and resource data.

...

4. Save the configuration.

Table 2.1 lists the maximum hard drive space required for capturing DNS queries and responses for supported Infoblox appliance models.
Table 2.1 Maximum Hard Drive Space used for DNS queries and Responses

...