Tuesday, August 13, 2019

Layer 7 Inspection to sniff DNS traffic

I work for a dedicated server hosting company. We have a number of customers who lease dedicated machines from us, and some of them run DNS servers. My goal is to provide my employer with as complete a list as possible of the domains we are hosting, and I know I am missing a large portion of them because we cannot access the records stored on these private DNS servers.

My idea was to sniff traffic on port 53, capture the domains that are being resolved, and then compare that with the list of IP addresses that are ours. Is this something I can actually accomplish using some sort of layer seven inspection? If yes, I'd love to hear some suggested techniques. If no, maybe an alternative idea?

Thanks!
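
One way to carry out the idea in the post, as an added example that is not part of the original post: parse each captured UDP port 53 response payload, pull out the A records, and keep the names whose address falls inside the hosted ranges. The range `203.0.113.0/24`, the function names and the sample packet are constructed assumptions; obtaining the payload bytes is left to whatever capture tool is in use.

```python
import ipaddress
import struct

# Assumed hosted range (documentation prefix standing in for the real allocation).
HOSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                    # malformed packet pointing at itself
                raise ValueError("compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii", "replace"))
            off += 1 + length
    return ".".join(labels).lower(), (end if end is not None else off + 1)

def hosted_names(msg, nets=HOSTED_NETS):
    """Return {(name, ip)} for A records in a DNS response whose address is in nets."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:                   # QR bit clear: a query, nothing to learn
        return set()
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    found = set()
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:    # A record, class IN
            ip = ipaddress.ip_address(msg[off:off + 4])
            if any(ip in n for n in nets):
                found.add((name, str(ip)))
        off += rdlen
    return found

# Constructed sample response: www.example.com -> 203.0.113.10 and 198.51.100.7
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
          + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
          + b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(a)
                     for a in ((203, 0, 113, 10), (198, 51, 100, 7))))
```

Truncated payloads raise `IndexError` or `struct.error`, so a caller feeding live traffic should catch those per packet. This only sees names that someone actually resolves while the capture is running.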


