For sites (to be whitelisted) that are behind ever-changing IP ranges (e.g. Amazon load balancer), has anybody used a services like these?
Is there an existing miner that does DNS lookups?
I saw this recommend in another thread but I'm hoping to avoid another VM:
This is the prototype I'm using
prototypes: dnsLookup:www_netflix_com: class: minemeld.ft.json.SimpleJSON config: age_out: default: null interval: 3600 sudden_death: true attributes: confidence: 100 share_level: green type: IPv4 extractor: Answer[?type == `1`] fields: - name indicator: data prefix: dns source_name: dns.netflix url: https://dns.google.com/resolve?name=www.netflix.com development_status: STABLE indicator_types: - IPv4 node_type: miner tags: - ConfidenceHigh - ShareLevelGreen
Solved! Go to Solution.
can't comment on dns.google.com or dns-api.org but would like to provide some comments on https://github.com/PaloAltoNetworks/fqdn-service
Take into account, though, that if you're using PANOS then you better create custom L7 apps (SSL Decrypt + matching the HTTP Host Header or SSL Response Certificate in case you're not decryting) instead of matching based on FQDN. FQDN matching is performed at "sample intervals" (i.e. once an hour) and these FQDN entries behind AWS rotate tipically at 1 minute intervals. That means that you will, probably, fail to match many sessions between sample intervals no matter which DNS service you end up using
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!