Sysadmin > SerVices > BinD9 > DetectDomainGenerationAlgorithm

Filter domain generation algorithm

Domain generation algorithm (DGA) are used by various malware to periodically generate a large number of domain names that can be used to connectg there controllers.

tail -f  /var/log/named/queries.log | grep query  |  grep "\(.biz \|.ru \|.info \)" | grep -v \.de\ | grep -v " www." | grep "[[:alpha:][:digit:]]\{14,\}"