[dns-operations] compressing DNS traffic data

Bedrich Kosata bedrich.kosata at nic.cz
Thu Dec 9 11:15:59 UTC 2010

On 12/09/2010 11:33 AM, Ray Bellis wrote:
> On 9 Dec 2010, at 10:06, Jim Reid wrote:
>> Fair enough Ray. But the idea of "uninteresting" data is troubling too. If such data exists, it means there's excessive or redundant data in the DNS protocol. That seems unlikely. Even if the protocol suffers from excessive or redundant data, who's to say that what we consider "uninteresting" today becomes important tomorrow?
> There's data in the protocol which is not redundant in the individual packets, but is redundant when looking at a query/response pair because it's duplicated, e.g. the QID and question section in the response.
>> Some things like the source port number or query ID or QCLASS might appear to be attractive targets that could be discarded. I disagree.
> So do I :)

I think that the only way around this, is to make the solution flexible 
in order to enable both lossless and lossy compression. Then each 
organization can decide on a workflow for storage of such data, based on 
its needs.
 From my point of view, a very reasonable scenario would be to store 
complete data for a short period of time and stripped (and even sampled) 
data for long term purposes.
In any case, which data to strip should not be hardcoded in the 
protocol, but should be fine-tunable by the user.


> Ray

More information about the dns-operations mailing list