DnsTOP

Dnstop is an excellent tool for monitoring BIND (named) service traffic and for watching live queries, such as A, MX, PTR and CNAME records, in real time. It comes with multiple options that help sort traffic by top TLDs, query types, source IPs, number of hits and so on.

Installing Dnstop

The Dnstop source code is available for download. On CentOS or RHEL, the easiest way to install it is from an RPM. Before you install the dnstop RPM, make sure libpcap-devel and ncurses-devel are already installed; if they are not, install them with yum:

  • # yum install libpcap-devel ncurses-devel

Dnstop help

To start the tool, run dnstop with the interface name. For example:

  • # dnstop <interface-name>
    # dnstop eth0

The output will look similar to the following.

Dnstop Interface

To reset the counters, press ^R; to exit dnstop, press ^X.

Finding the TLDs that generate the most traffic

  • # dnstop eth0

Press 1 while dnstop is running; the output will look similar to the following.

Dnstop Tld Traffic

To see the actual domain names, press 2 while dnstop is running; the output will look similar to the following.

Dnstop domain Traffic

Press t to see the hits broken down by record (query) type, as below.

Dnstop record query
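
How the three views above (1 for TLDs, 2 for domain names, t for record types) can be derived from raw DNS query messages, as an added Python example that is not dnstop's own code. The helper names (build_query, parse_question, tally), the root-name label "." and the sample queries are constructed for this illustration.

```python
import struct
from collections import Counter

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def build_query(name, qtype, txid=0x1234):
    """Construct a minimal DNS query message (sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # QCLASS 1 = IN

def parse_question(msg):
    """Return (labels, qtype) for the first question, or None if not a usable query."""
    if len(msg) < 12:
        return None                                   # shorter than a DNS header
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:                 # QR bit set means a response
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length > 63 or pos + 1 + length > len(msg):
            return None                               # pointer or overrun: skip packet
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(msg):                            # root byte + QTYPE + QCLASS
        return None
    qtype, _ = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return labels, qtype

def tally(messages):
    """Count queries per TLD, per second-level domain, and per query type."""
    tld, sld, qtypes = Counter(), Counter(), Counter()
    for msg in messages:
        parsed = parse_question(msg)
        if parsed is None:
            continue                                  # malformed or not a query
        labels, qtype = parsed
        tld[labels[-1] if labels else "."] += 1
        sld[".".join(labels[-2:]) if labels else "."] += 1
        qtypes[QTYPES.get(qtype, f"TYPE{qtype}")] += 1
    return tld, sld, qtypes

# Constructed sample traffic: (query name, numeric query type)
SAMPLE = [build_query(n, t) for n, t in [
    ("www.example.com", 1), ("mail.example.com", 15), ("example.org", 28),
    ("4.3.2.1.in-addr.arpa", 12), ("www.example.com", 1)]]
```

Calling tally(SAMPLE) returns the three counters in the same order as the 1, 2 and t views.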

Useful Links:

Dnstop home page