[dns-operations] can you suggest dns test/log tool

John Kristoff jtk at ultradns.net
Thu Aug 10 19:30:53 UTC 2006

On Thu, 10 Aug 2006 11:56:43 -0700 (PDT)
"william(at)elan.net" <william at elan.net> wrote:

> I'm curious if people here can suggest a tool that can act as dns
> server and will just log all dns requests printing nice log that
> includes what name, type, class AND FLAGS were in the request (and
> timestamp of course). This tool would be expected to never give any
> answer back, i.e. its not real dns server.

I think Paul's suggestion of using tcpdump is probably the most
appropriate if you can't find something else.  You can even have
tcpdump close a file after a certain amount of bytes and open a new
one.  Then you can post process the pcap and summarize as you wish.

However, there isn't an easy way to get the nice log you want without
doing some parsing as far as I know.  You can do this with something
like tethereal after you've captured the packets.  Parse the full
packet dump (-V) when you see the DNS header 'Flags:'.

Note, tethereal is nice, particular for read filters, but it might
be wise to be paranoid and not use it to capture packets.  Security
history isn't all that great.


More information about the dns-operations mailing list