[dns-operations] RFC 8145 section 5 queries hidden behind CZ.NIC public resolver
Petr Špaček
petr.spacek at nic.cz
Fri Oct 6 12:36:21 UTC 2017
On 5.10.2017 19:19, Petr Špaček wrote:
> Oh well, what a trivial mistake!
>
> I'm now runnning
> tcpdump -nn -tt -r ... | fgrep -i '_ta-' | fgrep -i -v dlv > ta.log
> but it will take dozen hours or so to generate the new log, the PCAP is
> about 0.5 TB big.
>
> Stay tuned.
Numbers produced by script using "fgrep -i" are the very same, no change
at all.
This time I wrote proper script so others can easily try the same trick
on their PCAPs:
tcpdump -nn -tt -r pcap | awk '{ sub(/\.[0-9]+$/, "", $3);
printf("%s,%s\n", strftime("%Y-%m-%d", $1), $3) }' | sort -u | cut -d
"," -f 1 | uniq -c
Enjoy.
--
Petr Špaček @ CZ.NIC
More information about the dns-operations
mailing list