[dnstap] reading DNSTAP from a remote machine
Robert Edmonds
edmonds at mycre.ws
Thu Mar 12 01:54:05 UTC 2015
Joseph Gersch wrote:
> OK. So I built a little python proxy to read the AF_UNIX stream and just push it out to network sockets (I’m ignoring security for now). Then I wrote several “receivers” that connect to the network socket, read the stream, and draw graphs of RCODES or a pareto of SERVFAIL names and other diagnostic info. DNSTAP is going to be an incredibly useful tool.
Cool. That proxy functionality is something I'd like to have in the
core fstrm implementation. Was the Frame Streams handshake/framing easy
to implement in Python?
> BTW, I dont know much about it, but what do you think of DNSFLOW? Seems like it has the possiblity of sampling, and only sends client-responses. It could be useful at some levels, but DNSTAP seems much more powerful.
I think the name "dnsflow" has been used at least a couple of times for
different projects, at least I know of the Deepfield and CZ.NIC Labs
versions. I haven't looked at them in a while, though.
--
Robert Edmonds
More information about the dnstap
mailing list