[dsc] DNS IP version indexer
Alexander Gall
gall at switch.ch
Thu Dec 6 16:21:01 UTC 2007
I've written an indexer for the IP version of DNS messages. There
already is an IP indexer called ip_version, so I named this one
dns_ip_version. I have also created a dataset called
dns_ip_version_vs_qtype, because it could be interesting to see
whether the query type distribution is different for the two address
families. This is the dataset definition I use on the collector:
dataset dns_ip_version_vs_qtype dns IPVersion:dns_ip_version Qtype:qtype queries-only;
On the presenter, there is one time-sequence graph for the IP version
just like "DNS Transport". The sub-graph "IP Version/Query Types" is
not really useful as it is, because the amount of queries over IPv6 is
so small. There might be a better way to present this data,
e.g. scale it relative to the number of queries per address family
(not the total amount of queries), but I don't think this is possible
in a single graph.
--
Alex
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dsc-collector.diff
URL: <http://lists.dns-oarc.net/pipermail/dsc/attachments/20071206/5eebfbe6/attachment.asc>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dsc-presenter.diff
URL: <http://lists.dns-oarc.net/pipermail/dsc/attachments/20071206/5eebfbe6/attachment.txt>
More information about the dsc
mailing list