[dns-operations] Access to DNS-Logs

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Jul 14 21:11:44 UTC 2009


On Mon, Jul 13, 2009 at 09:42:00PM +0000,
 Paul Vixie <vixie at isc.org> wrote 
 a message of 17 lines which said:

> the problem with all existing solutions is that they are orders of
> magnitude too slow.  at ISC SIE we see dozens of megabits of
> response data per second, and the only thing fast enough so far to
> hold a summary of same is: RAM.

The "existing solutions" are too slow if you insist on capturing
*every* packet. This is reasonable for some uses (for instance some
security analysis) but not for all (for instance, statistics about
EDNS0 or DNSSEC or IPv6 deployment).

DNSmezzo, as used today at AFNIC, relies on sampling (see RFC 5474) to
avoid this performance problem. Options -S and -R of pcapdump.


