[dsc] Filter DSC statistics according to TLD / SLD

Jerry Lundström jerry at dns-oarc.net
Tue Apr 3 15:06:18 UTC 2018


Hi Jakob,

On Tue, 2018-04-03 at 16:35 +0200, Jakob Dhondt wrote:
> recently I have migrated our dsc processes to a new host and changed
> some things along the way. One thing that I tried is filtering the
> traffic from a pcap-file according to TLD / SLD so that we can share
> part of the data where we act as secondary. I haven't found an easy way
> though. One thing I could imagine is to use bpf_filter but I couldn't
> find a way that does not involve knowing the exact byte values of the
> packages. So the only thing I have come up with for now is filtering the
> pcap beforehand, e.g. with tshark, and then feeding it to dsc. But I was
> wondering if there is a better solution.

Have you tried the QNAME filter?

  Defines a custom QNAME-based filter for DNS messages.  If
  you refer to this named filter on a dataset line, then only
  queries or replies for matching QNAMEs will be counted.

In your case I'd guess something like:

  qname_filter TLD-Only \.tld$ ;

Then add it to all datasets:

  dataset qtype dns All:null Qtype:qtype queries-only,TLD-Only;
  ...

Cheers,
Jerry
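
A way to check which QNAMEs a candidate qname_filter pattern would count before sharing the resulting data, as an added example that is not part of the original message or of dsc itself. It assumes dsc evaluates the pattern as a POSIX extended regular expression against a lowercase QNAME without trailing dot; the sample names, the function names and the second pattern are constructed for illustration.

```shell
#!/bin/sh
# Added example: try a qname_filter pattern against sample QNAMEs with grep -E.
# Assumption: dsc matches the pattern as a POSIX ERE against the QNAME in
# lowercase and without a trailing dot.

# Pattern from the message above, and a constructed variant that also
# matches a query for the zone apex itself.
SUFFIX_ONLY='\.tld$'
WITH_APEX='(^|\.)tld$'

# Constructed sample QNAMEs (not taken from real traffic).
SAMPLES='example.tld www.example.tld tld example.tld.other example.nottld tld.example'

# qname_matches PATTERN NAME: exit status 0 if NAME matches PATTERN.
qname_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# count_matches PATTERN NAME...: print how many NAMEs the pattern would count.
count_matches() {
    pattern=$1
    shift
    n=0
    for name in "$@"; do
        if qname_matches "$pattern" "$name"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# report PATTERN: print one line per sample showing whether it is counted.
report() {
    echo "pattern: $1"
    for name in $SAMPLES; do
        if qname_matches "$1" "$name"; then
            echo "  counted  $name"
        else
            echo "  dropped  $name"
        fi
    done
    return 0
}

report "$SUFFIX_ONLY"
report "$WITH_APEX"
```

With the pattern from the message, a query for the bare name `tld` is dropped because no dot precedes it; the constructed variant counts it while still dropping `example.nottld` and `example.tld.other`.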

