MEjaz <me...@cyberia.net.sa> wrote:
>
> If I enabled the system performs will slow down?
Depends on how much load your servers are under and what their capacity
is.
An alternative to query logs, when you are searching for a known query
name, is to use tcpdump. It's a tedious and fiddly to convert the name to
DNS wire format and then into a pcap filter expression, so I have a little
script to do that (quoted below after my .sig). The command you want is
like:
tcpdump -np udp port 53 and '(' udp[20] == 8 and udp[21] == 118 and udp[22] ==
105 and udp[23] == 116 and udp[24] == 97 and udp[25] == 109 and udp[26] == 105
and udp[27] == 110 and udp[28] == 99 and udp[29] == 3 and udp[30] == 112 and
udp[31] == 114 and udp[32] == 111 ')'
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Southeast Iceland: Northerly 6 to gale 8, veering northeasterly 5 to 7. Rough
or very rough. Rain or wintry showers. Good, occasionally poor.
#!/usr/bin/perl
use warnings;
use strict;
use Net::DNS::DomainName;
die "usage: $0 <domain-name>\n"
unless @ARGV == 1;
my $text = shift;
my $wire = new Net::DNS::DomainName($text)->canonical;
my @wire = unpack 'C*', $wire;
pop @wire unless $text =~ m{\.$};
printf "'(' %s ')'\n",
join ' and ',
map { sprintf "udp[%d] == %d",
20 + $_, $wire[$_] }
0 .. $#wire;
#!/usr/bin/perl
use warnings;
use strict;
die "usage: tcpdump-qname.pl <dns-label>\n"
unless @ARGV == 1;
my $name = shift;
my @name = unpack 'C*', $name;
printf "%s\n", join ', ', @name;
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
