<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000"><br>
<br>
Kaio Rafael wrote:
<blockquote
cite="mid:CAF2aHgHqpMWqebxtMcG+D58QjaMh1bxhXUe5JEWp9z+H7=r6Fw@mail.gmail.com"
type="cite">
<pre wrap="">Hi,
I am looking for a DNS dataset for academic research. I have been
studying .BR DNS dataset (DITL 2008 on DNS-OARC servers), however, I
would like to investigate more recent traffic.</pre>
</blockquote>
<br>
do you know about the Security Information Exchange? <a class="moz-txt-link-freetext" href="http://sie.isc.org/">http://sie.isc.org/</a>
has details.<br>
<br>
<blockquote
cite="mid:CAF2aHgHqpMWqebxtMcG+D58QjaMh1bxhXUe5JEWp9z+H7=r6Fw@mail.gmail.com"
type="cite">
<pre wrap="">
I am a PhD candidate at Federal University of Amazonas (Brazilian
state), and my research concerns how DNS traffic can be used to
identify Botnets.</pre>
</blockquote>
<pre wrap="">
</pre>
<span style="font-family: monospace;">here is one message, out of a flow
of tens of thousands per second, from SIE Channel 202, displayed in
ASCII (which is not useful other than for demos like this -- you'll want
to write code in Python, Perl, or C to actually process it.) i've
anonymized the questioner IP, answerer IP, and sensor ID (xxx, yyy, and
zzz below), leaving only information that's safely shared in public:<br>
<br>
<br>
root@hb:/var/tmp # nmsgtool -V isc -T dnsqr -C ch202 -c 1<br>
[237] [2013-04-18 22:09:28.307429000] [1:9 ISC dnsqr] [zzz] [] []<br>
type: UDP_QUERY_RESPONSE<br>
query_ip: xxx<br>
response_ip: yyy<br>
proto: UDP (17)<br>
query_port: 37910<br>
response_port: 53<br>
id: 60999<br>
qname: 73.143.122.74.in-addr.arpa.<br>
qclass: IN (1)<br>
qtype: PTR (12)<br>
rcode: SERVFAIL (2)<br>
delay: 0.036673<br>
udp_checksum: CORRECT<br>
query: [44 octets]<br>
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 60999<br>
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;73.143.122.74.in-addr.arpa. IN PTR<br>
<br>
;; ANSWER SECTION:<br>
<br>
;; AUTHORITY SECTION:<br>
<br>
;; ADDITIONAL SECTION:<br>
---<br>
response: [44 octets]<br>
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 60999<br>
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br>
<br>
;; QUESTION SECTION:<br>
;73.143.122.74.in-addr.arpa. IN PTR<br>
<br>
;; ANSWER SECTION:<br>
<br>
;; AUTHORITY SECTION:<br>
<br>
;; ADDITIONAL SECTION:<br>
---<br>
<br>
paul<br>
</span></body></html>