[dns-operations] compressing DNS traffic data
bedrich.kosata at nic.cz
Thu Dec 9 11:15:59 UTC 2010
On 12/09/2010 11:33 AM, Ray Bellis wrote:
> On 9 Dec 2010, at 10:06, Jim Reid wrote:
>> Fair enough Ray. But the idea of "uninteresting" data is troubling too. If such data exists, it means there's excessive or redundant data in the DNS protocol. That seems unlikely. Even if the protocol suffers from excessive or redundant data, who's to say that what we consider "uninteresting" today becomes important tomorrow?
> There's data in the protocol which is not redundant in the individual packets, but is redundant when looking at a query/response pair because it's duplicated, e.g. the QID and question section in the response.
>> Some things like the source port number or query ID or QCLASS might appear to be attractive targets that could be discarded. I disagree.
> So do I :)
I think that the only way around this, is to make the solution flexible
in order to enable both lossless and lossy compression. Then each
organization can decide on a workflow for storage of such data, based on
From my point of view, a very reasonable scenario would be to store
complete data for a short period of time and stripped (and even sampled)
data for long term purposes.
In any case, which data to strip should not be hardcoded in the
protocol, but should be fine-tunable by the user.
More information about the dns-operations