[dns-operations] can you suggest dns test/log tool

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Aug 29 08:35:25 UTC 2006

On Mon, Aug 14, 2006 at 06:51:16PM -0600,
 Duane Wessels <wessels at packet-pushers.com> wrote 
 a message of 20 lines which said:

> William's question prompted me to clean up and publish a little tool
> that I'd been working on previously.  As Florian also suggested, it
> is a Perl script that uses Net::Pcap and Net::DNS.  You can get it
> from http://dns.measurement-factory.com/tools/dnsdump/

Thanks for that simple and useful tool.

I like:

* the way you can choose the output format, which is very nice for
post-processing by your favorite tool.

I dislike:

* the fact that you cannot change the pcap filter (UDP is hardwired,
for instance), this is something that it is probably easy to change.

* and, moreover, the fact that it takes 100 % of the CPU on a server
which serves thousands of requests per second. Apparently, the only
way to filter a part of the DNS requests (say, for a given QNAME, or
for a given QTYPE) is to filter with a grep-like tool after the
formatting has been done by Perl for *every* packet.

It is probably not easy to change (I do not think that pcap provides
an easy way to dig into DNS data) but it prevents me for running
dnsdump full-time on the real machine (I have to use a second box,
connected to a mirror port of the Ethernet switch).

More information about the dns-operations mailing list