[dns-operations] DNS Traffic Archive Protocol
Robert Edmonds
edmonds at isc.org
Tue Nov 30 20:55:05 UTC 2010
Ondřej Surý wrote:
> we are building a DNS archivation protocol to reduce the size of raw
> dnscap/pcap packets. Since we are going to opensource that, I
> wonder whether there is an interest for defining the properties of
> such protocol, ie. what to store and what not, etc.
>
> We will then use this to store all the traffic on the authoritative
> servers for .CZ on a long term basic (possibly never delete the
> data).
>
> The idea is that we could possibly feed this to DSC if there is a
> need for a new aggregated statistics. Also a tool to convert the
> "compressed" data to pcap format so it can be fed to other tools
> will be prepared.
>
> I'll prepare short summary of what we have to the date if there is
> an interest to discuss it further.
hi, ondrej:
i'd be quite interested to hear more details. if your primary goal is
to reduce the size of your raw pcap archives -- while still being able
to convert back to pcap format -- i don't see how you could improve on
the pcap format by more than a small constant factor.
--
Robert Edmonds
edmonds at isc.org
More information about the dns-operations
mailing list