DNSmezzo

Description

DNSmezzo is a framework for the capture and analysis of DNS packets. It allows the manager of a DNS name server to get information such as the top N requested domains, the percentage of IPv6 queries, the most talkative clients, etc. It is part of the broader program DNSwitness.

DNSmezzo is optimized for periodic, unattended runs, for instance from a cron job. Results are typically stored in a database, most of the time an RDBMS, to allow long-term surveys.

DNSmezzo is composed of a DNS parser, which reads files in the popular pcap format and stores the data in a DBMS (currently PostgreSQL), and of various programs, mostly made of SQL code, which read the data and interpret them.

For creating the pcap files, we rely mostly on pcapdump and sometimes on dnscap.
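
The parse, store, then query-with-SQL pipeline described above, as an added sketch that is not DNSmezzo's own code. Assumptions: the table and column names are hypothetical, SQLite stands in for PostgreSQL, pcap framing is skipped (the input is already source address plus DNS payload), and "IPv6 queries" is read as queries received over IPv6.

```python
import ipaddress, sqlite3, struct

def build_query(qname, qtype):
    """Build a DNS query message; used only to construct the sample input."""
    head = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return head + name + b"\x00" + struct.pack("!2H", qtype, 1)

def parse_question(msg):
    """Return (qname, qtype) of a query, or None for responses and malformed data."""
    if len(msg) < 12:
        return None
    _, flags, qdcount = struct.unpack("!3H", msg[:6])
    if flags & 0x8000 or qdcount != 1:       # QR bit set, or not exactly one question
        return None
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):  # compression pointer or truncated label
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 5 > len(msg):                    # need root label, QTYPE and QCLASS
        return None
    return ".".join(labels) or ".", struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def load(packets):
    """Store parsed queries; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dns_queries (src TEXT, ipv6 INTEGER, qname TEXT, qtype INTEGER)")
    for src, payload in packets:
        q = parse_question(payload)
        if q:
            v6 = int(ipaddress.ip_address(src).version == 6)
            db.execute("INSERT INTO dns_queries VALUES (?, ?, ?, ?)", (src, v6, *q))
    return db

def report(db, n=2):
    """Top-N names, percentage of queries received over IPv6, top-N clients."""
    by = "SELECT {0}, COUNT(*) AS c FROM dns_queries GROUP BY {0} ORDER BY c DESC, {0} LIMIT ?"
    pct = db.execute("SELECT 100.0 * SUM(ipv6) / COUNT(*) FROM dns_queries").fetchone()[0]
    return (db.execute(by.format("qname"), (n,)).fetchall(), pct,  # fixed column names only
            db.execute(by.format("src"), (n,)).fetchall())

# Constructed sample: (source address, DNS payload) pairs as if already cut out of a pcap file.
PACKETS = [("192.0.2.10", build_query("example.fr", 1)),
           ("192.0.2.10", build_query("Example.FR", 28)),
           ("2001:db8::53", build_query("example.fr", 15)),
           ("198.51.100.7", build_query("example.org", 1)),
           ("198.51.100.7", b"\x00\x01")]    # truncated packet, dropped by the parser
```

Malformed packets are dropped before insertion, so they never skew the counts; names are lowercased so that mixed-case queries aggregate under one entry.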

Presentations

At the RIPE 59 meeting in Lisbon:

Related programs

Download

Hosted at GitHub.

Licence

GPL. See the COPYING file. DNSmezzo has been developed at AFNIC, mostly by Stéphane Bortzmeyer.