Steven Vona
asked on
Squid proxy and DNS
We have a small network enclave that has a single machine that runs a proxy server and DNS server for that enclave. This system's IP is 192.168.1.2.
Recently we have suspected that someone's machine in that enclave might be infected. We did some research to see if their machine was going to a specific "malicious" site.
(I am blocking some information for security/privacy reasons.)
First we found in the DNS logs:
bind.log.120319:19-Mar-2012 09:41:06.885 queries: info: client 192.168.1.2#41359: query: malicious-site.com IN A + (192.168.1.2)
So it looks like maybe squid made the DNS request for the user?
I checked the access log of squid and do not see any traffic to malicious-site.com.
Can someone explain to me how DNS queries work with squid? It looks like squid is making some queries for users and letting other users make their own queries.
Is there any way I can track down which client made that DNS request?
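Added example, not part of the original post or of any answer: one way to narrow down the requesting client is to line up BIND queries that came from the proxy's own address with Squid access.log entries by time. It assumes Squid's native access.log format, BIND timestamps in UTC, and a 2-second window; the Squid lines and the second BIND line are constructed sample data.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

PROXY_IP = "192.168.1.2"   # proxy/DNS host named in the post
WINDOW = 2.0               # seconds either side of the query (assumption)
# First BIND line is the one quoted in the post; everything else is constructed.
BIND_LOG = """\
bind.log.120319:19-Mar-2012 09:41:06.885 queries: info: client 192.168.1.2#41359: query: malicious-site.com IN A + (192.168.1.2)
19-Mar-2012 09:41:07.120 queries: info: client 192.168.1.37#50112: query: example.org IN A + (192.168.1.2)
"""
SQUID_LOG = """\
1332150067.310    430 192.168.1.23 TCP_MISS/200 1532 GET http://malicious-site.com/x - DIRECT/203.0.113.9 text/html
1332150066.100    120 192.168.1.40 TCP_MISS/200 8841 GET http://example.org/ - DIRECT/203.0.113.20 text/html
1332150300.000     90 192.168.1.23 TCP_MISS/200 512 GET http://example.net/ - DIRECT/203.0.113.30 text/html
"""

BIND_RE = re.compile(r"(?:[^:\s]+:)?(\d{2}-\w{3}-\d{4} [\d:.]+) queries: info: client ([\d.]+)#\d+: query: (\S+) IN \S+")

def bind_queries(text, domain):
    """Yield (epoch, client_ip) for every logged query of `domain`."""
    for line in text.splitlines():
        m = BIND_RE.match(line)
        if m and m.group(3).rstrip(".").lower() == domain:
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            yield ts.replace(tzinfo=timezone.utc).timestamp(), m.group(2)

def squid_requests(text):
    """Yield (start_epoch, client_ip, host) from native-format access.log."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        end, elapsed_ms, client, method, url = float(f[0]), int(f[1]), f[2], f[5], f[6]
        # CONNECT entries log host:port instead of a full URL.
        host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
        # Squid logs at completion, so the lookup happened near end - elapsed.
        yield end - elapsed_ms / 1000.0, client, (host or "").lower()

def candidates(bind_text, squid_text, domain):
    """Return (client, host, host_matches) for proxy requests near each proxy-originated query."""
    out = []
    for q_ts, q_client in bind_queries(bind_text, domain):
        if q_client != PROXY_IP:
            continue  # a client that queried BIND directly is already identified
        for start, client, host in squid_requests(squid_text):
            if abs(start - q_ts) <= WINDOW:
                out.append((client, host, host == domain))
    return out
```

An empty result for a proxy-originated query means no logged proxy request started near it, which points at some other process on 192.168.1.2 or at a request Squid did not log.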