[RPZ] Logging analysis and consolidation (part II)

Eric Ziegast ziegast at isc.org
Fri Feb 17 17:43:59 UTC 2012

Consider in your analysis that some browsers might do pre-fetching
which might yield false positives on either the DNS or HTTP download
side.  Just a thought.

On 2/17/12 9:24 AM, Hugo Maxwell Connery wrote:
> * all RPZ responses from DNS resolvers are logged and shipped to a database
> * all visits to the walled garden are logged and shipped to the same database
> * the analysis web site allows querying of the raw data (DNS or Walled Garden), 
>   or the more interesting correlated data (DNS log + Walled Garden log --> person 
>   visiting nasty sites, or DNS with *no* corresponding Walled Garden log --> probable 
>   malware activity).

More information about the DNSfirewalls mailing list