Discuss mailing list

[Uwe Kiewel <ml AT kiewel-online.ch>]

Am 11.05.2011 17:58, schrieb Stefan Sabolowitsch:
> Hi Psilo,
> yes this work completely without logs.
> On DNS SV run a collector application.
> The collector process uses libpcap<http://www.tcpdump.org/>  to receive DNS 
> messages sent and received
> on a network interface. It may run on the same machine as the DNS server, or 
> on another system connected
> to a switch configured with port mirroring. A configuration file defines some 
> number of datasets
> and other options. Datasets are dumped to disk every 60 seconds as XML files. 
> A cron job copies the XML
> files to a separate server for archiving and further processing.
>
> Please read here for more details:
> http://dns.measurement-factory.com/tools/dsc/index.html

I don't like this tool - you have to trace the full network traffic from 
and to port 53.

CU
Uwe