[dns-operations] can you suggest dns test/log tool
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Aug 29 08:35:25 UTC 2006
On Mon, Aug 14, 2006 at 06:51:16PM -0600,
Duane Wessels <wessels at packet-pushers.com> wrote
a message of 20 lines which said:
> William's question prompted me to clean up and publish a little tool
> that I'd been working on previously. As Florian also suggested, it
> is a Perl script that uses Net::Pcap and Net::DNS. You can get it
> from http://dns.measurement-factory.com/tools/dnsdump/
Thanks for that simple and useful tool.

I like:

* the way you can choose the output format, which is very nice for
  post-processing by your favorite tool.

I dislike:

* the fact that you cannot change the pcap filter (UDP is hardwired,
  for instance); this is something that is probably easy to change.

* and, moreover, the fact that it takes 100 % of the CPU on a server
  which serves thousands of requests per second. Apparently, the only
  way to filter a part of the DNS requests (say, for a given QNAME, or
  for a given QTYPE) is to filter with a grep-like tool after the
  formatting has been done by Perl for *every* packet.

It is probably not easy to change (I do not think that pcap provides
an easy way to dig into DNS data) but it prevents me from running
dnsdump full-time on the real machine (I have to use a second box,
connected to a mirror port of the Ethernet switch).
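
The message above describes filtering by QNAME or QTYPE only after every packet has been fully formatted. The sketch below is an added example, not part of the original message and not dnsdump code: it reads just the first question of a raw DNS payload and rejects non-matching packets before any expensive decoding. It assumes the UDP payload has already been extracted from the capture; all function names and the sample packets are constructed for illustration.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15, "TXT": 16, "AAAA": 28}  # small subset

def first_question(payload):
    """Return (qname, qtype) of the first question, or None if malformed."""
    if len(payload) < 12 or struct.unpack_from("!H", payload, 4)[0] == 0:
        return None  # header too short, or QDCOUNT == 0
    labels, off = [], 12
    while True:
        if off >= len(payload):
            return None  # name runs past the end of the packet
        length = payload[off]
        off += 1
        if length == 0:
            break  # root label terminates the name
        # > 63 means a compression pointer or reserved bits: not valid here
        if length > 63 or off + length > len(payload):
            return None
        labels.append(payload[off:off + length].decode("ascii", "replace").lower())
        off += length
    if off + 4 > len(payload):
        return None  # QTYPE/QCLASS missing
    return ".".join(labels) + ".", struct.unpack_from("!H", payload, off)[0]

def wanted(payload, qname=None, qtype=None):
    """Cheap pre-filter: True only if the first question matches the criteria."""
    q = first_question(payload)
    if q is None:
        return False
    if qname is not None and q[0] != qname.lower().rstrip(".") + ".":
        return False
    return qtype is None or q[1] == QTYPES[qtype]

def build_query(name, qtype):
    """Construct a sample query packet (test data, not captured traffic)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qn = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qn + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

# Constructed samples: three well-formed queries and one truncated fragment.
SAMPLES = [build_query("www.example.com", "A"), build_query("example.com", "MX"),
           build_query("www.example.com", "AAAA"), b"\x00\x01"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(first_question(p), wanted(p, qname="www.example.com"))
```

Only payloads for which `wanted()` returns True would be handed to the full decoder and formatter, so malformed or uninteresting packets cost a few byte comparisons each.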