About
The DNS-STATS Compactor project is a set of tools for capturing and working with DNS server traffic recorded in Compacted-DNS (C-DNS) files. C-DNS is a space-efficient file format for storing DNS traffic. It is defined in Internet Draft draft-ietf-dnsop-dns-capture-format.
The DNS-STATS Compactor suite currently comprises two programs:
- compactor. Similar in usage to tcpdump, compactor reads traffic from one or more network interfaces and writes selected details to C-DNS and PCAP output files. compactor can also read and convert pre-recorded PCAP files.
- inspector. Reconstructs network traffic from C-DNS files produced by compactor. It outputs one or more PCAP files suitable for direct inspection or input to existing analysis tools. See draft-ietf-dnsop-dns-capture-format for limitations on the reconstruction.
compactor is resource-efficient, and can therefore be co-located on a nameserver. Alternatively, it can be run on a standalone server with access to the network traffic to be recorded.
compactor can be configured to produce multiple output files from a single data source. compactor can optionally compress output files using the popular gzip or xz compression schemes. The output file types that may be produced are:
- C-DNS. These contain captured DNS traffic, along with some ancillary information, e.g. ICMP and TCP Reset counts. These files are significantly smaller than PCAP files containing the same traffic.
- 'Ignored' traffic. These contain captured non-DNS and malformed DNS packets in PCAP format.
- 'Raw' traffic. These contain all packets in the captured traffic in PCAP format. They are similar to files produced by tcpdump.
DNS-STATS Compactor uses Semantic versioning for releases.
DNS-STATS Compactor was originally developed for ICANN by Sinodun IT.
Copyright (C) Internet Corporation for Assigned Names and Numbers