[dns-operations] RFC 8145 section 5 queries hidden behind CZ.NIC public resolver

Petr Špaček petr.spacek at nic.cz
Fri Oct 6 12:36:21 UTC 2017


On 5.10.2017 19:19, Petr Špaček wrote:
> Oh well, what a trivial mistake!
> 
> I'm now running
> tcpdump -nn -tt -r ... | fgrep -i '_ta-' | fgrep -i -v dlv > ta.log
> but it will take a dozen hours or so to generate the new log, the PCAP is
> about 0.5 TB big.
> 
> Stay tuned.

The numbers produced by the script using "fgrep -i" are the very same, no
change at all.

This time I wrote a proper script so others can easily try the same trick
on their PCAPs:

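# Per day: number of distinct source addresses (field 3, port stripped).
# strftime() is a gawk extension.
tcpdump -nn -tt -r pcap |
  awk '{ sub(/\.[0-9]+$/, "", $3); printf("%s,%s\n", strftime("%Y-%m-%d", $1), $3) }' |
  sort -u | cut -d "," -f 1 | uniq -c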

Enjoy.

-- 
Petr Špaček  @  CZ.NIC
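
Added example, not part of the original message: the same per-day unique-source count, but split by the key tag carried in each RFC 8145 section 5 query name and matched case-insensitively like "fgrep -i". The sample lines are constructed and the tcpdump text layout they follow is an assumption; function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of `tcpdump -nn -tt` text output (documentation addresses).
SAMPLE = """\
1507161600.000100 IP 192.0.2.10.53124 > 198.51.100.53.53: 4242+ NULL? _ta-4a5c. (26)
1507161700.500000 IP 192.0.2.10.40001 > 198.51.100.53.53: 4243+ NULL? _TA-4A5C. (26)
1507165200.000000 IP 192.0.2.11.53999 > 198.51.100.53.53: 100+ [1au] NULL? _ta-4a5c-4f66. (42)
1507248000.250000 IP6 2001:db8::1.50000 > 2001:db8::53.53: 7+ NULL? _ta-4f66. (26)
1507248100.000000 IP 192.0.2.12.50000 > 198.51.100.53.53: 8+ DLV? _ta-4a5c.dlv.isc.org. (38)
1507248200.000000 IP 192.0.2.13.50000 > 198.51.100.53.53: 9+ A? www.example.com. (33)
"""

# A trust-anchor signal is a single label directly under the root:
# "_ta-" plus one or more 4-hex-digit key tags joined by "-".
# Requiring the name to end right after the label drops DLV look-asides
# such as _ta-4a5c.dlv.isc.org. (the job of `fgrep -v dlv` above).
TA_QNAME = re.compile(r"\s(_ta(?:-[0-9a-f]{4})+)\.(?=\s|$)", re.IGNORECASE)


def ta_sources_per_day(lines):
    """Map (UTC day, key tag) -> set of source addresses that signalled it."""
    seen = defaultdict(set)
    for line in lines:
        match = TA_QNAME.search(line)
        fields = line.split()
        if not match or len(fields) < 3:
            continue
        day = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        src = fields[2].rsplit(".", 1)[0]  # strip ".port"; works for IPv6 too
        for tag_hex in match.group(1).lower().split("-")[1:]:
            seen[(day.strftime("%Y-%m-%d"), int(tag_hex, 16))].add(src)
    return seen


def ta_counts(lines):
    """Number of distinct sources per (day, key tag)."""
    return {key: len(srcs) for key, srcs in ta_sources_per_day(lines).items()}


if __name__ == "__main__":
    # 0x4a5c = 19036 (KSK-2010), 0x4f66 = 20326 (KSK-2017)
    for (day, tag), n in sorted(ta_counts(SAMPLE.splitlines()).items()):
        print(f"{day} key tag {tag}: {n} unique source(s)")
```

Days are bucketed in UTC here, whereas strftime() in the awk pipeline above uses the local time zone.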


