Title : Port of the week: dnstop
Author: Solène
Date : 18 April 2018
Tags : unix

Dnstop is an interactive console application for watching, in real time, the DNS queries going through a network interface. It currently only supports UDP DNS requests; the man page says that TCP isn't supported.

It has a lot of parameters and key bindings for interactive use.

To install it on OpenBSD: `doas pkg_add dnstop`

We will start dnstop on the wifi interface using a depth of 4 for the domain names: as root, type `dnstop -l 4 iwm0` and then press '3' to display up to 3 sublevels. The `-l 4` parameter means we want to know domains with a depth of 4: if a request for the domain my.very.little.fqdn.com. happens, it will be truncated to very.little.fqdn.com. If you press '2' in the interactive display, the earlier name will be counted in the line fqdn.com.

Example of output:

```
Queries: 0 new, 6 total                 Tue Apr 17 07:17:25 2018

Query Name          Count      %   cum%
--------------- --------- ------ ------
perso.pw                3   50.0   50.0
foo.bar                 1   16.7   66.7
hello.mydns.com         1   16.7   83.3
mydns.com.lan           1   16.7  100.0
```

If you want to use it, read the man page first: it has a lot of parameters and can filter using specific expressions.
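
The `-l` truncation and the '2'/'3' views described above can be reproduced offline on a list of query names, which is handy for summarising a DNS log the same way. This is an added example, not dnstop's code or the author's: `keep_labels` and `aggregate` are hypothetical names, the query list is constructed to match the sample output, and the ordering of rows with equal counts is an assumption.

```python
from collections import Counter


def keep_labels(name, n):
    """Keep only the rightmost n labels of a DNS name (trailing dot dropped)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-n:])


def aggregate(queries, max_level, view_level):
    """Count query names the way the article describes.

    max_level  -- depth kept when the name is recorded (the -l parameter)
    view_level -- depth shown in the interactive view (the '2' or '3' key)
    Returns rows of (name, count, percent, cumulative percent).
    """
    level = min(view_level, max_level)  # cannot show more than was recorded
    counts = Counter(
        keep_labels(keep_labels(q, max_level), level) for q in queries
    )
    total = sum(counts.values())
    rows, running = [], 0
    # Assumption: highest count first, ties broken alphabetically.
    for name, count in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        running += count
        rows.append((name, count,
                     round(100 * count / total, 1),
                     round(100 * running / total, 1)))
    return rows


# Constructed sample: six queries matching the totals in the article's output.
SAMPLE_QUERIES = [
    "perso.pw.", "perso.pw.", "perso.pw.",
    "foo.bar.", "hello.mydns.com.", "mydns.com.lan.",
]

if __name__ == "__main__":
    print(f"{'Query Name':<15} {'Count':>9} {'%':>6} {'cum%':>6}")
    for name, count, pct, cum in aggregate(SAMPLE_QUERIES, 4, 3):
        print(f"{name:<15} {count:>9} {pct:>6} {cum:>6}")
```
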