{"id":101970,"date":"2025-01-23T16:40:18","date_gmt":"2025-01-23T08:40:18","guid":{"rendered":"https:\/\/version-2.com\/?p=101970"},"modified":"2025-01-15T16:43:50","modified_gmt":"2025-01-15T08:43:50","slug":"dns-security-best-practices-for-logging","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2025\/01\/dns-security-best-practices-for-logging\/","title":{"rendered":"DNS Security Best Practices for Logging"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"101970\" class=\"elementor elementor-101970\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35fe5dd post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35fe5dd\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;cef08c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-409a2e9a\" data-id=\"409a2e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5a8be8f elementor-widget elementor-widget-text-editor\" data-id=\"5a8be8f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-medium\" src=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg\" width=\"1200\" height=\"628\" \/><\/p><div class=\"elementor-widget-container\"><p>Your Domain Name System (DNS) infrastructure enables users to connect to web-based resources by translating everyday language into IP addresses. Imagine going into a restaurant, in the age before the internet, only to find that the staff speaks and the menu is written in a different language from yours. Without some shared communication form, you can\u2019t order dinner, and they can\u2019t give you what you want. Finally, someone comes into the restaurant who speaks both languages, acting as the translator so you can get the service you need.<\/p><p>\u00a0<\/p><p><a href=\"https:\/\/www.cloudflare.com\/en-ca\/learning\/dns\/what-is-dns\/\">A DNS infrastructure<\/a> is the translator for cloud-based operations for continued services. However, when malicious actors target your DNS, a successful attack can lead to downtime or a data breach.<\/p><p>\u00a0<\/p><p>To mitigate risk, you should implement some DNS security best practices, including knowing what logs help you monitor for and detect a potential incident.<\/p><p>\u00a0<\/p><h2>What is DNS security?<\/h2><p>DNS security refers to the measures taken to protect the Domain Name System (DNS) infrastructure from cyber attacks. DNS translates a human-readable URL (Uniform Resource Locator) into a machine-readable IP address, routing user requests to the appropriate digital resources.<\/p><p>\u00a0<\/p><p>Cyber attacks against the DNS infrastructure can lead to:<\/p><ul><li>Website defacement<\/li><li>Traffic hijacking sending users to malicious websites or intercepting communications<\/li><li>Unauthorized access to sensitive information<\/li><li><a href=\"https:\/\/graylog.org\/post\/how-to-stop-a-ddos-attack\/\">Distributed Denial of Service (DDoS) attacks<\/a> causing service outages and business interruption<\/li><\/ul><p>\u00a0<\/p><p>DNS security controls typically include:<\/p><ul><li><strong>Redundancy<\/strong>: Using multiple DNS servers spread across different locations to prevent a single point of failure<\/li><li><strong>DNS Security Extensions (DNSSEC)<\/strong>: Protocols providing authentication and data integrity<\/li><li><strong>DNS logging<\/strong>: Monitoring for and detecting malicious activities<\/li><\/ul><p>\u00a0<\/p><h2>Why is DNS security important?<\/h2><p>The history of DNS gives insight into why it is not a secure technology. Originally <a href=\"https:\/\/cyber.harvard.edu\/icann\/pressingissues2000\/briefingbook\/dnshistory.html\">created in 1983<\/a> so people could more easily navigate the nascent internet, no one predicted this new connectivity would change and become critical to daily operations.<\/p><p>Your DNS infrastructure acts as the foundation for your digital business operations meaning the service disruptions lead to downtime and lost revenue.<\/p><p>\u00a0<\/p><p>A successful attack against your DNS infrastructure can lead to:<\/p><ul><li><strong>Business disruption<\/strong>: Without the ability to translate URLs into IP addresses, users and customers cannot connect to digital services.<\/li><li><strong>Lost revenue<\/strong>: Without the ability to connect to services, customers cannot engage in transactions, like being able to purchase items in an e-commerce store.<\/li><li><strong>Data breach<\/strong>: Compromising DNS services can lead to unauthorized data transfers, modification, or access that impact sensitive data\u2019s integrity and privacy.<\/li><li><strong>Compliance risk:<\/strong> DNS is included in various compliance frameworks and mandates, including the Payment Card Industry Data Security Standard (PCI DSS) and International Organization for Standardization (ISO) 27002-2022<\/li><\/ul><p>\u00a0<\/p><h2>6 DNS Attack Types and How to Prevent Them<\/h2><p>As attackers increasingly target the DNS infrastructure, knowing these four common attack types can help you implement security controls and the appropriate monitoring to mitigate risk.<\/p><p>\u00a0<\/p><h3>DoS and DDoS<\/h3><p>Many attacks against the DNS infrastructure fall into these categories, even if they use different methodologies for achieving the objective. Although similar, you should understand the following differences:<\/p><ul><li><strong>Denial of Service (DoS)<\/strong>: one computer using one internet connection sends high volumes of traffic to a remote server<\/li><li><strong>Distributed Denial of Service (DDoS)<\/strong>: multiple devices across multiple internet connections target a resource, often using a botnet consisting of devices infected with malware<\/li><\/ul><p>\u00a0<\/p><p>These attacks flood a DNS server with requests and traffic. As the server attempts to manage the responses, it becomes overloaded and shuts down.<\/p><p>\u00a0<\/p><h3>DNS amplification attacks<\/h3><p>One DDoS attack type is DNS amplification, in which malicious actors send high volumes of DNS name lookup requests to publicly accessible, open DNS servers. Instead of using their own IP in the source address, the attackers spoof the target\u2019s address so that the DNS server responds to the target.<\/p><p>\u00a0<\/p><h3>DNS hijacking<\/h3><p>In a DNS hijacking attack, malicious actors make unauthorized changes to the DNS settings which redirect users to deceptive or malicious websites. Some varieties of DNS hijacking attack include:<\/p><ul><li><strong>Cache poisoning<\/strong>: inserting false data into the DNS server\u2019s cache to redirect users when they try to access the website<\/li><li><strong>Server hijacking<\/strong>: gaining unauthorized access to a domain\u2019s DNS records and changing A or AAAA records that redirect users to a malicious IP address or attacker-controlled server<\/li><\/ul><p>\u00a0<\/p><h3>DNS Spoofing<\/h3><p>DNS spoofing, also called DNS poisoning, exploits security gaps in the DNS protocol. The attacker gets in between the browser and the DNS server to supply the wrong response, diverting traffic to the malicious website.<\/p><p>\u00a0<\/p><h3>DNS tunneling<\/h3><p>DNS tunneling is a sophisticated attack where malicious actors insert data into the communication path between the browser and server. This enables them to bypass several defensive technologies, including:<\/p><ul><li>Filters<\/li><li>Firewalls<\/li><li>Packet capture<\/li><\/ul><p>\u00a0<\/p><p>This process routes queries to a command and control (C2) server, enabling them to steal information.<\/p><p>\u00a0<\/p><h2>DNS Logging Best Practices for Improved Security<\/h2><p>Whether you build your own DNS infrastructure or use a managed service, you should be integrating your DNS logs into your overarching security monitoring. While the logs should provide similar information, the field used changes based on your DNS server\u2019s manufacturer. However, you should look for log fields supporting the following categories and event types.<\/p><figure id=\"attachment_26707\" class=\"wp-caption aligncenter\" style=\"width: 800px;\" aria-describedby=\"caption-attachment-26707\"><img decoding=\"async\" class=\"alignnone size-medium\" src=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/www.graylog.org\/wp-content\/uploads\/2024\/08\/what_is_a_dns_server_dns_lookup-1024x512.png\" width=\"1024\" height=\"512\" \/><\/figure><figure class=\"wp-caption aligncenter\" style=\"width: 800px;\" aria-describedby=\"caption-attachment-26707\"><figcaption id=\"caption-attachment-26707\" class=\"wp-caption-text\"><a href=\"https:\/\/www.cloudflare.com\/en-ca\/learning\/dns\/what-is-dns\/\">Cloudflare Graphic Reference<\/a><\/figcaption><\/figure><h3>Zone operations<\/h3><p>In DNS-speak, the zone refers to the domain. Some data you should consider collecting include log fields related to the creation, deletion, or modification to:<\/p><ul><li>Zones<\/li><li>Records<\/li><li>Nodes<\/li><\/ul><p>\u00a0<\/p><h3>DNS Security Extensions (DNSSEC)<\/h3><p>DNSSEC are configurations that use digital signatures to authenticate DNS queries and responses. Some data you should consider collecting include log fields related to:<\/p><ul><li>Addition of new keys or trust points<\/li><li>Removal of keys or trust points<\/li><li>Exports of metadata<\/li><\/ul><p>\u00a0<\/p><h3>Policies<\/h3><p>DNS policies allow you to<\/p><ul><li>Balance traffic loads<\/li><li>Assign DNS clients based on geographic location<\/li><li>Create zones<\/li><li>Manage query filters<\/li><li>Redirect malicious DNS requests to a non-existent IP address<\/li><\/ul><p>\u00a0<\/p><p>Some data you should consider collecting include log fields related to the creation, deletion, or modification of:<\/p><ul><li>Client subnet records<\/li><li>Server level policies<\/li><li>Forwarding policies<\/li><li>Zone policies<\/li><\/ul><p>\u00a0<\/p><h2>Graylog Security: Correlating DNS Log Events<\/h2><p><a href=\"https:\/\/graylog.org\/post\/security-log-monitoring-and-dns-request-analysis\/\">DNS logs are often difficult to parse<\/a>, sometimes creating a blind spot when monitoring DNS security. Graylog Security offers out-of-the-box content that streamlines this process with pre-built content to rapidly set up and start monitoring your DNS security.<\/p><p>Our<a href=\"https:\/\/graylog.org\/videos\/cyber-defense-with-mitre-framework-insights-from-graylog-and-soc-prime\/\"> prebuilt content to map security events to MITRE ATT&amp;CK<\/a>. By combining Sigma rules and MITRE ATT&amp;CK, you can create high-fidelity alerting rules that enable robust threat detection, lightning-fast investigations, and streamlined threat hunting. For example, with Graylog\u2019s security analytics, you can monitor user activity for anomalous behavior indicating a potential security incident. By mapping this activity to the MITRE ATT&amp;CK Framework, you can detect and investigate adversary attempts at using Valid Accounts to gain Initial Access, mitigating risk by isolating compromised accounts earlier in the attack path and reducing impact.<\/p><p>Graylog\u2019s risk scoring capabilities enable you to streamline your threat detection and incident response (TDIR) by aggregating and correlating the severity of the log message and event definitions with the associated asset, reducing alert fatigue and allowing security teams to focus on high-value, high-risk issues.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2004c86 elementor-widget elementor-widget-shortcode\" data-id=\"2004c86\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"93504\" class=\"elementor elementor-93504\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6461a578 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6461a578\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2f063c39\" data-id=\"2f063c39\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14e1df2a elementor-widget elementor-widget-text-editor\" data-id=\"14e1df2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>About Graylog\u00a0\u00a0<\/strong><br \/>At Graylog, our vision is a secure digital world where organizations of all sizes can effectively guard against cyber threats. We\u2019re committed to turning this vision into reality by providing Threat Detection &amp; Response that sets the standard for excellence. Our cloud-native architecture delivers SIEM, API Security, and Enterprise Log Management solutions that are not just efficient and effective\u2014whether hosted by us, on-premises, or in your cloud\u2014but also deliver a fantastic Analyst Experience at the lowest total cost of ownership. We aim to equip security analysts with the best tools for the job, empowering every organization to stand resilient in the ever-evolving cybersecurity landscape.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Your Domain Name System (DNS) infrastructure enables us [&hellip;]<\/p>\n","protected":false},"author":149011790,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1303,1305,61],"tags":[1077,1304],"class_list":["post-101970","post","type-post","status-publish","format-standard","hentry","category-graylog","category-1305","category-press-release","tag-1077","tag-graylog"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DNS Security Best Practices for Logging - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DNS Security Best Practices for Logging - Version 2\" \/>\n<meta property=\"og:description\" content=\"Your Domain Name System (DNS) infrastructure enables us [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-23T08:40:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg\" \/>\n<meta name=\"author\" content=\"tracylamv2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"tracylamv2\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u8a08\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/01\\\/dns-security-best-practices-for-logging\\\/\"},\"author\":{\"name\":\"tracylamv2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\"},\"headline\":\"DNS Security Best Practices for Logging\",\"datePublished\":\"2025-01-23T08:40:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/01\\\/dns-security-best-practices-for-logging\\\/\"},\"wordCount\":1183,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/DNS-Server-Blog.jpg\",\"keywords\":[\"2025\",\"Graylog\"],\"articleSection\":[\"Graylog\",\"2025\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/01\\\/dns-security-best-practices-for-logging\\\/\",\"url\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/\",\"name\":\"DNS Security Best Practices for Logging - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/DNS-Server-Blog.jpg\",\"datePublished\":\"2025-01-23T08:40:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/DNS-Server-Blog.jpg\",\"contentUrl\":\"https:\\\/\\\/cdn-jnkep.nitrocdn.com\\\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\\\/assets\\\/images\\\/optimized\\\/rev-ed4d356\\\/graylog.org\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/DNS-Server-Blog.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/graylog.org\\\/post\\\/dns-security-best-practices-for-logging\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DNS Security Best Practices for Logging\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/011bc7c3731c930bcfeecd52fefb6365\",\"name\":\"tracylamv2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g\",\"caption\":\"tracylamv2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/tracylamv2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DNS Security Best Practices for Logging - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/","og_locale":"zh_HK","og_type":"article","og_title":"DNS Security Best Practices for Logging - Version 2","og_description":"Your Domain Name System (DNS) infrastructure enables us [&hellip;]","og_url":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/","og_site_name":"Version 2","article_published_time":"2025-01-23T08:40:18+00:00","og_image":[{"url":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg","type":"","width":"","height":""}],"author":"tracylamv2","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"tracylamv2","\u9810\u8a08\u95b1\u8b80\u6642\u9593":"12 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2025\/01\/dns-security-best-practices-for-logging\/"},"author":{"name":"tracylamv2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365"},"headline":"DNS Security Best Practices for Logging","datePublished":"2025-01-23T08:40:18+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2025\/01\/dns-security-best-practices-for-logging\/"},"wordCount":1183,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg","keywords":["2025","Graylog"],"articleSection":["Graylog","2025","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2025\/01\/dns-security-best-practices-for-logging\/","url":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/","name":"DNS Security Best Practices for Logging - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#primaryimage"},"image":{"@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg","datePublished":"2025-01-23T08:40:18+00:00","breadcrumb":{"@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#primaryimage","url":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg","contentUrl":"https:\/\/cdn-jnkep.nitrocdn.com\/GTmurwhroBoLJVMAHNGccmBVEhSunPoF\/assets\/images\/optimized\/rev-ed4d356\/graylog.org\/wp-content\/uploads\/2024\/08\/DNS-Server-Blog.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/graylog.org\/post\/dns-security-best-practices-for-logging\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"DNS Security Best Practices for Logging"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/011bc7c3731c930bcfeecd52fefb6365","name":"tracylamv2","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9d01d79cbfd8b2e878f5d701a362cc9fca466d33fec977b59706c23c1a2db15c?s=96&d=identicon&r=g","caption":"tracylamv2"},"url":"https:\/\/version-2.com\/zh\/author\/tracylamv2\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-qwG","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/101970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/149011790"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=101970"}],"version-history":[{"count":7,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/101970\/revisions"}],"predecessor-version":[{"id":101977,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/101970\/revisions\/101977"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=101970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=101970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=101970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}