Main Nav

This is a shout out to all of you: my friends and peers: Because I experienced a previously unseen DNS issue today, I am investigating building or buying a System Incident and Event Monitor (SIEM) that speaks DNS. Can I please ask for you to submit known error messages offline and I will tabulate and share them as a list later? i.e. no more recursive clients: quota reached - this can indicate that clients are unable to resolve hostnames and should be alerted on. Thank you very mutch in advance. Randy Grimshaw rgrimsha@syr.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Hi Randy, Can you tell us a bit more about your DNS setup? It won't do much good for me to send you logs from an authoritative-only BIND instance if you're running a recursive Unbound server (and vice-versa). Which daemon(s) are you running? Are you looking for errors on the recursive side of the house? Authoritative? Both? John John Miller Systems Engineer Brandeis University 781-736-4619 johnmill@brandeis.edu On 11/09/2012 01:44 PM, Randall C Grimshaw wrote: > This is a shout out to all of you: my friends and peers: > > Because I experienced a previously unseen DNS issue today, I am investigating building or buying a System Incident and Event Monitor (SIEM) that speaks DNS. > > Can I please ask for you to submit known error messages offline and I will tabulate and share them as a list later? > > i.e. no more recursive clients: quota reached - this can indicate that clients are unable to resolve hostnames and should be alerted on. > > Thank you very mutch in advance. > > Randy Grimshaw > rgrimsha@syr.edu > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Thank you... I am looking for known disruptive error messages related to ISC bind 9.x.x i.e. Version 9.8.2 of ISC bind as distributed by RedHat we present slaves as both internally resolving and externally non-resolving hosts. and again- thank you To keep noise to a minimum, please submit just the known errors to watch for to me rgrimsha@syr.edu offline so that I can tabulate and post a concise list. Randall Grimshaw rgrimsha@syr.edu ________________________________________