We registered a domain name (say 'example.com') and what we want is to see who is trying to resolve the domain name and what kind of requests he send to the web server of that domain name.
For this purpose, we set up a name server and collect the logs of BIND to find out who is querying the name server to resolve 'example.com' (we don't care about the cases where people resolve the domain name by the cached data in the recursive resolvers). We also collect the logs of Apache web server. But the problem is that we can not find out which DNS request corresponds to which web-server request?
To map these two logs together, I was thinking of creating a random subdomain and return it as the CNAME of example.com for each DNS request and then config Apache to redirect all those subdomains to 'example.com' main page. so if that specific subdomain is requested by somebody, I know what is the corresponding DNS query.
Is it the right way of doing this? Is there any other way to do that?
I appreciate any thought or ideas.