Title : Port of the week: dnstop
Author: Solène
Date : 18 April 2018
Tags : unix
Dnstop is an interactive console application to watch in realtime the
DNS queries going through a network interface. It currently only
supports UDP DNS requests, the man page says that TCP isn't supported.
It has a lot of parameters and keybinding for the interactive use
To install it on OpenBSD: `doas pkg_add dnstop`
We will start dnstop on the wifi interface using a depth of 4 for the
domain names: as root type `dnstop -l 4 iwm0` and then press '3' to
display up to 3 sublevel, the `-l 4` parameter means we want to know
domains with a depth of 4, it means that if a request for the domain
my.very.little.fqdn.com. happens, it will be truncated as
very.little.fqdn.com. If you press '2' in the interactive display, the
earlier name will be counted in the line fqdn.com'.
Example of output:
Queries: 0 new, 6 total Tue Apr 17 07:17:25 2018
Query Name Count % cum%
--------------- --------- ------ ------
perso.pw 3 50.0 50.0
foo.bar 1 16.7 66.7
hello.mydns.com 1 16.7 83.3
mydns.com.lan 1 16.7 100.0
If you want to use it, read the man page first, it has a lot of
parameters and can filters using specific expressions.