Who made a DNS Request?


A. Help

Is there a way to tell which host on my network made a request to a specific
web site by looking at the cached dns lookups on our server? I have a user
that keeps going to the site xxx.com and I want to know who keeps trying to
get to it.

Thanks.
 
You would need to capture packets with Netmon for a while which would generate tens
of thousands of lines, or install something like a personal firewall on the server to
use its logging capabilities. Sygate is free to try and has excellent logging
including sortable columns, but would require a reboot if that is a problem. You
could configure the firewall to pass all traffic and just use it for logging. If you
decide to go that route be sure to do a backup first [as is always best practice] in
case there is a problem with installing the firewall on the server. -- Steve
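
An added example, not part of the original posts: once packets sent to the DNS server have been captured, the hosts that asked for a name can be tallied by parsing the DNS queries instead of reading the capture line by line. The input format (source IP plus the UDP payload of each packet sent to port 53), the function names and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query; used only to construct the sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_query_name(payload):
    """Return the lowercased QNAME of a DNS query, or None if it is not one."""
    if len(payload) < 12:
        return None                      # shorter than the fixed DNS header
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:    # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                  # name runs past the end of the packet
        length = payload[pos]
        if length == 0:
            return ".".join(labels)      # root label ends the name
        if length > 63:
            return None                  # pointer or invalid length in a question
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            return None
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length

def who_asked(packets, domain):
    """Count queries per source IP for `domain` or any name beneath it."""
    domain = domain.lower().rstrip(".")
    hits = Counter()
    for src_ip, payload in packets:
        name = parse_query_name(payload)
        if name and (name == domain or name.endswith("." + domain)):
            hits[src_ip] += 1
    return hits

# Constructed sample: (source IP, UDP payload) pairs as exported from a capture.
SAMPLE = [
    ("192.168.1.23", build_query("www.xxx.com")),
    ("192.168.1.40", build_query("example.org")),
    ("192.168.1.23", build_query("XXX.com")),
    ("192.168.1.57", build_query("xxx.com")),
    ("192.168.1.10", b"\x00\x01"),                                # truncated
    ("192.168.1.2", b"\x12\x34\x81\x80" + build_query("xxx.com")[4:]),  # response
]

if __name__ == "__main__":
    for ip, count in who_asked(SAMPLE, "xxx.com").most_common():
        print(ip, count)
```

The source address is only the real client when the capture is taken on the DNS server the clients query directly; behind a forwarder, every query carries the forwarder's address.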
 
Or you can just put in a new record on your dns server so
that when the user goes to xxx.com it redirects them to
the corporate Acceptable Use Policy. :)
-----Original Message-----
You would need to capture packets with Netmon for a while which would generate tens
of thousands of lines, or install something like a personal firewall on the server to
use its logging capabilities. Sygate is free to try and has excellent logging
including sortable columns, but would require a reboot if that is a problem. You
could configure the firewall to pass all traffic and just use it for logging. If you
decide to go that route be sure to do a backup first [as is always best practice] in
case there is a problem with installing the firewall on the server. -- Steve

A. Help said:
Is there a way to tell which host on my network made a request to a specific
web site by looking at the cached dns lookups on our server? I have a user
that keeps going to the site xxx.com and I want to know who keeps trying to
get to it.

Thanks.

