[dns-operations] can you suggest dns test/log tool
william(at)elan.net
william at elan.net
Thu Aug 10 21:40:51 UTC 2006
On Thu, 10 Aug 2006, Florian Weimer wrote:
> * william elan net:
>
>> I'm using tethereal right now, it provides some info but not dns query
>> flags. So what I need would have to be protocol-aware and also I need
>> it to support both UDP and TCP.
>
> Huh? tethereal -V does not display query flags? Mine does:
Not quite the format I'm looking for, but ok I'll write a
filter to get it into something log-parser friendly.
And I guess Paul Vixie and John Kristoff are right - if I have to
parse it further I might as well just do it directly from tcpdump.
Thanks everyone.
> User Datagram Protocol, Src Port: domain (53), Dst Port: 36384 (36384)
> Source port: domain (53)
> Destination port: 36384 (36384)
> Length: 194
> Checksum: 0x9064 [correct]
> Domain Name System (response)
> Transaction ID: 0x4657
> Flags: 0x8580 (Standard query response, No error)
> 1... .... .... .... = Response: Message is a response
> .000 0... .... .... = Opcode: Standard query (0)
> .... .1.. .... .... = Authoritative: Server is an authority for domain
> .... ..0. .... .... = Truncated: Message is not truncated
> .... ...1 .... .... = Recursion desired: Do query recursively
> .... .... 1... .... = Recursion available: Server can do recursive queries
> .... .... .0.. .... = Z: reserved (0)
> .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
> .... .... .... 0000 = Reply code: No error (0)
> Questions: 1
> Answer RRs: 1
> Authority RRs: 3
> Additional RRs: 4
> Queries
> www.enyo.de: type A, class IN
> Name: www.enyo.de
> Type: A (Host address)
> Class: IN (0x0001)
> Answers
> www.enyo.de: type A, class IN, addr 212.9.189.164
> Name: www.enyo.de
> Type: A (Host address)
> Class: IN (0x0001)
> Time to live: 2 days
> Data length: 4
> Addr: 212.9.189.164
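
A filter of the kind discussed in this thread, as an added example that is not part of the original post or of tethereal/tcpdump: it decodes the DNS header flags into one log line per message, for both UDP payloads and the 2-byte length-prefixed framing used over TCP. The function names and log format are hypothetical; the sample header is constructed from the values in the quoted output (ID 0x4657, flags 0x8580).

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
# Single-bit header flags as (mask, name), high bit first.
FLAG_BITS = [(0x0400, "aa"), (0x0200, "tc"), (0x0100, "rd"),
             (0x0080, "ra"), (0x0020, "ad"), (0x0010, "cd")]

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into a dict."""
    if len(msg) < 12:
        raise ValueError("short DNS message: %d bytes" % len(msg))
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    return {
        "id": txid,
        "qr": "response" if flags & 0x8000 else "query",
        "opcode": OPCODES.get(opcode, str(opcode)),
        "flags": [name for mask, name in FLAG_BITS if flags & mask],
        "rcode": RCODES.get(rcode, str(rcode)),
        "counts": (qd, an, ns, ar),
    }

def split_tcp(stream):
    """Yield DNS messages from a reassembled TCP stream (2-byte length prefix)."""
    pos = 0
    while pos < len(stream):
        n = int.from_bytes(stream[pos:pos + 2], "big")
        end = pos + 2 + n
        if len(stream) - pos < 2 or end > len(stream):
            raise ValueError("truncated TCP DNS stream")
        yield stream[pos + 2:end]
        pos = end

def log_line(msg, proto):
    """Format one DNS message header as a key=value log line."""
    h = parse_header(msg)
    fields = (proto, h["id"], h["qr"], h["opcode"],
              ",".join(h["flags"]) or "-", h["rcode"]) + h["counts"]
    return ("proto=%s id=0x%04x qr=%s opcode=%s flags=%s rcode=%s "
            "qd=%d an=%d ns=%d ar=%d" % fields)

# Constructed sample: header only, built from the values in the quoted output.
SAMPLE = struct.pack("!6H", 0x4657, 0x8580, 1, 1, 3, 4)

if __name__ == "__main__":
    print(log_line(SAMPLE, "udp"))
    for m in split_tcp(struct.pack("!H", len(SAMPLE)) + SAMPLE):
        print(log_line(m, "tcp"))
```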