DNS query log
Definition
A record maintained by a DNS resolver listing each domain name query, the requesting IP address, the response, and the timestamp. DNS query logs are a primary source of evidence in investigations involving malware command-and-control, phishing, and DNS tunnelling.
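As an added example (not part of this glossary), the following Python reads resolver log lines in the four-field form the definition describes (timestamp, requesting IP, query, response) and flags client/domain pairs whose subdomain labels look like encoded tunnelling payloads. The log format, the sample lines and the "last two labels" registered-domain heuristic are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: timestamp, client IP, qname, qtype, rcode, answer.
# The addresses and domains are illustrative, not real indicators.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A NOERROR 198.51.100.10
2024-05-01T10:00:02Z 10.0.0.5 mail.example.com A NOERROR 198.51.100.11
2024-05-01T10:00:03Z 10.0.0.9 a3f9c1e2b7d4.tunnel.example.net TXT NOERROR -
2024-05-01T10:00:04Z 10.0.0.9 9e2d7c4b1a8f.tunnel.example.net TXT NOERROR -
2024-05-01T10:00:05Z 10.0.0.9 5c1b8e3d2f9a.tunnel.example.net TXT NOERROR -
2024-05-01T10:00:06Z 10.0.0.9 b7d4a3f9c1e2.tunnel.example.net TXT NOERROR -
2024-05-01T10:00:07Z 10.0.0.5 cdn.example.com A NOERROR 198.51.100.12
"""

def parse_line(line):
    """Split one whitespace-separated log line into a record (assumed format)."""
    ts, client, qname, qtype, rcode, answer = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "rcode": rcode, "answer": answer}

def shannon_entropy(s):
    """Bits of entropy per character; encoded payload labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registered_domain(qname):
    # Assumption: last two labels; a real deployment would use a public-suffix list.
    return ".".join(qname.split(".")[-2:])

def find_tunnelling_candidates(log_text, min_queries=3, min_len=10, min_entropy=3.0):
    """Return client/domain pairs with many distinct, long, high-entropy leftmost labels."""
    per_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        domain = registered_domain(rec["qname"])
        sub = rec["qname"][: -len(domain)].rstrip(".")
        first_label = sub.split(".")[0] if sub else ""
        per_pair[(rec["client"], domain)].append((first_label, rec["qtype"]))
    flagged = []
    for (client, domain), entries in per_pair.items():
        labels = [lab for lab, _ in entries if lab]
        if len(set(labels)) < min_queries:
            continue
        avg_len = sum(len(lab) for lab in labels) / len(labels)
        avg_ent = sum(shannon_entropy(lab) for lab in labels) / len(labels)
        txt_share = sum(1 for _, t in entries if t in ("TXT", "NULL")) / len(entries)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged.append({"client": client, "domain": domain, "queries": len(entries),
                            "avg_label_len": round(avg_len, 1),
                            "avg_entropy": round(avg_ent, 2), "txt_share": round(txt_share, 2)})
    return flagged
```

Running `find_tunnelling_candidates(SAMPLE_LOG)` flags only 10.0.0.9 against example.net; the ordinary www/mail/cdn lookups from 10.0.0.5 fall under the length threshold.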
Related terms
- Encapsulation: The process by which each OSI layer wraps the payload from the layer above it inside its own header (and sometimes trailer)....
- PCAP (packet capture file): A binary file format that stores raw network traffic captured from a network interface. Tools such as Wireshark, tcpdump, and Zeek read...
- Protocol Data Unit (PDU): The named unit of data at each OSI layer: a frame at Layer 2, a packet at Layer 3, a segment at...
- Server Name Indication (SNI): A TLS extension sent in plaintext in the Client Hello message that identifies the hostname the client intends to reach. SNI is...
- TCP three-way handshake: The connection establishment sequence in TCP: the client sends SYN, the server responds SYN-ACK, and the client completes with ACK. The timestamps...
Explained in
- The OSI Model and Protocols for Network Investigators