[dns-operations] Fingerprinting stub resolvers
Rubens Kuhl
rubens at registro.br
Fri Jan 4 16:48:06 UTC 2013
Em 04/01/2013, às 14:05:000, Matthew Pounsett escreveu:
>
> A friend of mine at an ISP asked me recently whether I had any suggestions for fingerprinting stub resolvers. They've got pcaps from the downstream side of their caching servers and are looking at trying to pull more interesting statistics than query counts out of them. I didn't have any good suggestions, but it seems like an interesting question to ask of one's name server. Has anyone else tackled this before? Do tools exist?
One could try looking for queries similar to the ones fpdns does:
https://github.com/kirei/fpdns
fpdns uses very unusual, borderline queries, to try to identify the servers, so it might not find much samples in the usual traffic.
Rubens
More information about the dns-operations
mailing list