
Monitoring DNS server status with dnstop

鲁景山
2023-12-01

Official site

http://dns.measurement-factory.com/tools/dnstop/sample.html

Installation

Check whether the dnstop package is available in the configured repositories

root@linux:~$ aptitude search dnstop
p   dnstop                                              - console tool to analyze DNS traffic    

If the package is found, install it; if not, consider building from source or adding a suitable repository

root@linux:~$ aptitude install dnstop

Usage

Option reference

root@linx:/home/rocky# dnstop
usage: dnstop [opts] netdevice|savefile
-4  Count IPv4 packets
-6  Count IPv6 packets
-a  Anonymize IP Addrs
-b expr BPF program code
-i addr Ignore this source IP address
-p  Don't put interface in promiscuous mode
-r  Redraw interval, in seconds
-l N    Enable domain stats up to N components
-f  filter-name
Available filters:
unknown-tlds
A-for-A
rfc1918-ptr

How to run it

dnstop followed by the network interface

root@linx:# dnstop  eth0

Output screen

Queries: 0 new, 3 total                                                                              Thu Sep 27 01:40:52 2018

Sources         Count      %
----------- --------- ------
172.16.0.22         3  100.0


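While dnstop is running, you can press keys to display specific views. To view names beyond the second level, pass -l followed by the number of domain levels. For example, dnstop -l 3 eth0 enables views of up to third-level domain names.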

root@linx:# dnstop -l 3 eth0

Queries: 0 new, 7 total                                                                              Thu Sep 27 09:48:53 2018

Source      Query Name            Count      %
----------- ----------------- --------- ------
172.16.0.22 www.aiqiyi.com            3   42.9
172.16.0.22 ns12.xincache.com         2   28.6
172.16.0.22 ns11.xincache.com         2   28.6
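
The level views above can be reproduced offline from any list of (source, query name) pairs, which makes it clear what each level keeps and what it folds together. The Python below is an added example, not part of the original article or of dnstop itself: `nth_level`, `top_table` and `render` are hypothetical helper names, the sample queries are constructed from the output above, and lower-casing names and stripping the trailing dot are choices of this example.

```python
from collections import Counter

# Constructed sample: the seven queries behind the "dnstop -l 3 eth0" output above.
SAMPLE = (
    [("172.16.0.22", "www.aiqiyi.com")] * 3
    + [("172.16.0.22", "ns12.xincache.com")] * 2
    + [("172.16.0.22", "NS11.xincache.com.")] * 2  # mixed case + trailing dot
)


def nth_level(qname, level):
    """Keep only the last `level` labels of a query name (the 1/2/3/4 views)."""
    labels = [part for part in qname.lower().rstrip(".").split(".") if part]
    if not labels:
        return "."  # query for the root zone
    return ".".join(labels[-level:])  # names with fewer labels are returned whole


def top_table(queries, level, by_source=False):
    """Count queries per name (optionally per source + name), busiest first."""
    counts = Counter()
    for source, qname in queries:
        name = nth_level(qname, level)
        counts[(source, name) if by_source else (name,)] += 1
    total = sum(counts.values())
    return [key + (n, round(100.0 * n / total, 1)) for key, n in counts.most_common()]


def render(rows):
    """Format rows in a Count / % layout similar to dnstop's tables."""
    return "\n".join(
        " ".join(f"{col:<20}" for col in row[:-2]) + f"{row[-2]:>6} {row[-1]:>6.1f}"
        for row in rows
    )


if __name__ == "__main__":
    for lvl in (1, 2, 3):
        print(f"-- level {lvl} --")
        print(render(top_table(SAMPLE, lvl, by_source=(lvl == 3))))
```

At level 2 the two xincache.com name servers collapse into a single row with 4 of the 7 queries, which is why a lower level is better for spotting a busy domain and a higher level for spotting the individual host names behind it.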

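Interactive keys

While dnstop is running, press one of the following keys to show a specific view:

S: show the source address table

D: show the destination address table

T: show a breakdown of the query types seen

R: show a breakdown of the response codes seen

O: show a breakdown of the opcodes seen

1: show 1st-level query names

2: show 2nd-level query names

3: show 3rd-level query names

4: show 4th-level query names

Ctrl+R: restart recording

Ctrl+X: exit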

Official sample output

Query Sources
Queries: 2 new, 57 total

Sources             Count      %
--------------- --------- ------
xx.172.220.163          3    5.3
xx.222.204.147          3    5.3
xxx.196.24.98           3    5.3
xx.60.124.201           3    5.3
xxx.77.99.18            2    3.5
xxx.2.181.6             2    3.5
xx.83.0.9               1    1.8
xx.231.32.10            1    1.8
xxx.71.10.161           1    1.8
xxx.204.183.61          1    1.8
xx.38.0.108             1    1.8
xx.160.37.3             1    1.8
xx.99.135.16            1    1.8
xxx.254.254.130         1    1.8
xxx.13.29.44            1    1.8
xx.25.5.150             1    1.8
xxx.207.78.69           1    1.8
xx.211.69.181           1    1.8

1st Level Query Names
Queries: 3 new, 440 total

Query Name       Count      %
------------ --------- ------
com                247   56.1   
org                130   29.5   
net                 25    5.7
in-addr.arpa        19    4.3
us                  19    4.3

2nd Level Query Names
Queries: 1 new, 509 total

Query Name                  Count      %
----------------------- --------- ------
wpad.com                      153   30.1
openresolvers.org             114   22.4
packet-pushers.com            103   20.2
measurement-factory.com        27    5.3
squid-cache.org                19    3.7
dont-contact.us                18    3.5
ircache.net                    14    2.8
xx.in-addr.arpa                13    2.6
wpad.net                        6    1.2
life-gone-hazy.com              4    0.8
wpad.org                        4    0.8
web-polygraph.org               4    0.8
web-cache.com                   4    0.8
wrec.org                        4    0.8
wpad.us                         3    0.6
nlanr.net                       3    0.6
xx.in-addr.arpa                 2    0.4
iwcw.org                        2    0.4

Query Source and 2nd Level Domain
Queries: 2 new, 738 total

Source         Query Name                  Count      %
-------------- ----------------------- --------- ------
xx.160.37.4    measurement-factory.com        31    4.2
xxx.88.64.49   wpad.com                       28    3.8
xxx.88.64.50   packet-pushers.com             14    1.9
xx.160.37.4    12.in-addr.arpa                12    1.6
xxx.88.64.50   wpad.com                        7    0.9
xx.83.0.9      wpad.com                        7    0.9
xx.160.37.4    life-gone-hazy.com              6    0.8
xxx.190.163.10 packet-pushers.com              4    0.5
xxx.155.0.15   packet-pushers.com              4    0.5
xx.18.192.242  wpad.com                        4    0.5
xxx.69.16.18   packet-pushers.com              3    0.4
xx.140.11.85   packet-pushers.com              3    0.4
xxx.44.212.65  openresolvers.org               3    0.4
xx.160.37.4    74.in-addr.arpa                 3    0.4
xx.18.251.250  wpad.com                        3    0.4
xxx.104.96.79  wpad.com                        3    0.4
xxx.126.96.162 ircache.net                     3    0.4
xxx.137.171.10 wpad.com                        3    0.4

Query Types
Queries: 3 new, 854 total

Query Type     Count      %
---------- --------- ------
A?               489   57.3
AAAA?            142   16.6
MX?              107   12.5
A6?               45    5.3
SOA?              45    5.3
PTR?              26    3.0
