What is the difference between DNS Query and DNS Query Capture in the Report Category?

Techie
Posts: 8

As per title

 

Screenshot_1.png

 

 

Thank you.

Re: What is the difference between DNS Query and DNS Query Capture in the Report Category?

New Member
Posts: 1

A DNS query (also known as a DNS request) is a demand for information sent from a user's computer (DNS client) to a DNS server. By this, you can capture DNS queries for student help online.

Re: What is the difference between DNS Query and DNS Query Capture in the Report Category?

Techie
Posts: 8

What is DNS Query Capture then?

Re: What is the difference between DNS Query and DNS Query Capture in the Report Category?

Techie
Posts: 6

You can see the DNS query is stored in the index called "ib_dns/ib_dns_summary", whereas the DNS query capture is stored in ib_dns_capture.

image.png

 

The DNS Query stores all the DNS statistic information, including the top clients, QPS trend, requested domain, CHR, etc. However, this category is a summary of DNS utilization only.

If you would like to obtain "DNS Top Clients Per Domain", "DNS Query Trend Per IP Block Group", and "DNS RPZ Rule Hit Configuration", you need to enable the feature in the "DNS" under Reporting properties.

image.png

 

If you are looking for the detailed relationship between clients and the requested DNS RR, you need to turn on the DNS Query Capture, for example: "DNS Top Clients by Query Type", "DNS Domains Queried by Client".

 

Please be reminded that if the DNS query capture category is enabled, it may use a large amount of indexing capacity and storage.

 

Eric 
