 |
Title: Port of the week: dnstop |
|
Author: Solène |
|
Date: 18 April 2018 |
|
Tags: unix |
|
Description: |
|
|
|
Dnstop is an interactive console application to watch in realtime the |
|
DNS queries going through a network interface. It currently only |
|
supports UDP DNS requests, the man page says that TCP isn't supported. |
|
|
|
It has a lot of parameters and keybinding for the interactive use |
|
|
|
To install it on OpenBSD: `doas pkg_add dnstop` |
|
|
|
We will start dnstop on the wifi interface using a depth of 4 for the |
|
domain names: as root type `dnstop -l 4 iwm0` and then press '3' to |
|
display up to 3 sublevel, the `-l 4` parameter means we want to know |
|
domains with a depth of 4, it means that if a request for the domain |
|
my.very.little.fqdn.com. happens, it will be truncated as |
|
very.little.fqdn.com. If you press '2' in the interactive display, the |
|
earlier name will be counted in the line fqdn.com'. |
|
|
|
Example of output: |
|
|
|
Queries: 0 new, 6 total Tue Apr 17 |
|
07:17:25 2018 |
|
|
|
--------------- --------- ------ ------ |
|
perso.pw 3 50.0 50.0 |
|
foo.bar 1 16.7 66.7 |
|
hello.mydns.com 1 16.7 83.3 |
|
mydns.com.lan 1 16.7 100.0 |
|
|
|
If you want to use it, read the man page first, it has a lot of |
|
parameters and can filters using specific expressions. |
