dnscap and ncap (Re: how to log all recursive query responses?)
David Sparks
dave at ca.sophos.com
Tue Aug 12 23:25:27 UTC 2008
>> tcpdump -v -x udp and port 53 and 'udp[20] == 3' and 'udp[21] == 102'
>> and 'udp[22] == 111' and 'udp[23] == 111'
>
> yow. looks WAY painful. have you tried dnscap? its CLI language has not
> changed in the last six months, so if you were waiting for it to settle
> out, now's your moment. https://www.dns-oarc.net/tools/dnscap has sources.
dnscap is excellent! Note that for my use case it would be preferable for the
-e flag to default to showing everything (and hence not be needed) instead of
discarding errors. Right now I execute `dnscap -e nytfsxir ...` which is
certainly not as painful as the tcpdump example above but not something you
want to type in all the time.
Overall dnscap is a great tool for debugging. I recommend it for anyone who
is looking at network streams.
Cheers,
ds
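
Added example, not part of the original messages: the quoted tcpdump filter compares raw bytes at UDP offsets 20-23 (8-byte UDP header plus 12-byte DNS header, so the first QNAME label) against length 3 and the letters "foo". The Python sketch below reproduces that byte test and sets it beside a parser that reads the QR bit and lowercases the name, since DNS names compare case-insensitively; the function names and sample packets are constructed for illustration.

```python
import struct

def build_udp_dns(qname, response=False):
    """Constructed sample: 8-byte UDP header + 12-byte DNS header + one question."""
    flags = 0x8180 if response else 0x0100   # QR bit (0x8000) set on responses
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    for label in qname.rstrip(".").split("."):
        dns += bytes([len(label)]) + label.encode("ascii")
    dns += b"\x00" + struct.pack("!HH", 1, 1)  # root label, QTYPE=A, QCLASS=IN
    return struct.pack("!HHHH", 53, 53, 8 + len(dns), 0) + dns

def byte_filter(udp):
    """Same test as the quoted filter: udp[20..23] == 3, 102, 111, 111."""
    return udp[20:24] == bytes([3, 102, 111, 111])

def parse_question(udp):
    """Return (is_response, lowercased QNAME) for the first question."""
    dns = udp[8:]                            # skip the UDP header
    if len(dns) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if qdcount == 0:
        raise ValueError("no question section")
    labels, pos = [], 12                     # QNAME starts after the DNS header
    while True:
        if pos >= len(dns):
            raise ValueError("truncated name")
        length = dns[pos]
        if length == 0:                      # root label ends the name
            break
        if length & 0xC0:                    # pointer or reserved label type
            raise ValueError("unexpected label type in question")
        label = dns[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length
    return bool(flags & 0x8000), ".".join(labels)

def first_label_is(udp, wanted):
    """Case-insensitive match on the first label, for queries and responses."""
    return parse_question(udp)[1].split(".")[0] == wanted.lower()
```
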