[dns-operations] dnscap features (was Re: Winner of the most useless ...)

[Paul Vixie]

> > When I was at Yahoo! I hacked BIND to log every query that we were
> > returning no answer for so that I could try to get our users to the
> > right place.
> 
> Could it be done by dnscap? That would surely be an useful thing!

if you mean by "no answer" an RCODE=0 ANCOUNT=0 then yes that's easy, but
would also see delegation responses unless we're only looking at RD=1.

but if you mean "NS RRs if present must match the zone to which the query
was sent and not be a delegation" then that's not easy since only the
initiator and responder know what zone that was.  dnscap doesn't know.

or if you mean "query was seen, but no answer was seen" then that's not
easy since there could be traffic assymetry (dnscap may not be in the
path of the response), and dnscap doesn't know the initiator's timeout.

i'm happy to do it if it's useful and possible, just tell me specifically
what it is you think dnscap should do.  the "BUGS" section of the man page
already mentions that it ought to reassemble both TCP and fragged UDP, but
i consider those "future work" and won't be holding up V1.0 for either.