From 001ad6ec4e08910fdd2343114ec0710a3bb6dc52 Mon Sep 17 00:00:00 2001 From: Stephane Bortzmeyer Date: Tue, 14 Dec 2021 11:19:49 +0100 Subject: [PATCH] Without a DNS server --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index a9be9a9..7e600e8 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,8 @@ First, we need a subdomain that we can use to receive incoming DNS requests. In log4jdnsreq 3600 IN NS log4jchecker.northwave.nl. ``` +[Note that installing a server is not stricly necessary, see "Without a DNS server".] + We now set up a BIND DNS server on a Debian system using `apt install bind9` and add the following to the `/etc/bind/named.conf.options` file: ``` @@ -59,6 +61,16 @@ logging { ``` Don't forget to restart BIND using `systemctl restart bind9`. Check if the logging works by performing a DNS query for `xyz.log4jdnsreq.northwave.nl`. One or more queries should show up in `/var/log/named/query.log`. +### Without a DNS server + +You can also do without a DNS server. Just run `tcpdump` on the machine where the domain name is delegated. An example on the machine of IP address `2001:db8::beef`: + +``` +tcpdump -n dst host 2001:db8::beef and dst port 53 +``` + +`tcpdump` will display the DNS requests received. + ## Running the script Install any Python dependencies using `pip install -r requirements.txt`. Edit the script to change the following line to the DNS zone you configured:
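Review bot: In the first hunk, the added bracketed sentence misspells "strictly" as "stricly". The square brackets are also not a convention used in the surrounding README text shown here. Consider a plain sentence that links to the new heading, for example: Note that installing a server is not strictly necessary, see [Without a DNS server](#without-a-dns-server).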
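Review bot: In the second hunk, "the machine where the domain name is delegated" is ambiguous. It should say that `tcpdump` runs on the host named in the NS record (`log4jchecker.northwave.nl` in the example above), and that `2001:db8::beef` stands for that host's address. The section also lacks the verification step that the BIND paragraph has. Suggest telling the reader to query `xyz.log4jdnsreq.northwave.nl` and confirm that the name appears in the `tcpdump` output. The filter `dst host 2001:db8::beef and dst port 53` matches every DNS query sent to that address, not only those for the `log4jdnsreq` zone, so a hint to look for the zone name in the output would help. It is also worth stating that `tcpdump` normally needs root privileges.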