Are you watching your DNS logs?
It is rare for anyone in your environment to look for a domain with more than 20 characters in its name. Actually, most have 8 characters according to this slightly out of date bit of research.
All of which means that if you see a spike in requests for LOONG name lookups, something is wrong.
The only way to tell is to look over your DNS logs, or even better have your log system (Elastic anyone?) alert you when it sees such lookups.
Dave Piscitello goes into it further here, but the basics are to monitor who is making what kinds of calls to your DNS and how often.
No comments:
Post a Comment