💾 Archived View for perso.pw › blog › articles › potw-dnstop.gmi captured on 2023-04-26 at 13:58:26. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

➡️ Next capture (2023-05-24)

-=-=-=-=-=-=-

Port of the week: dnstop

NIL=> Comment on Mastodon

Dnstop is an interactive console application to watch in realtime the

DNS queries going through a network interface. It currently only

supports UDP DNS requests, the man page says that TCP isn't supported.

It has a lot of parameters and keybinding for the interactive use

To install it on OpenBSD: `doas pkg_add dnstop`

We will start dnstop on the wifi interface using a depth of 4 for the

domain names: as root type `dnstop -l 4 iwm0` and then press '3' to

display up to 3 sublevel, the `-l 4` parameter means we want to know

domains with a depth of 4, it means that if a request for the domain

my.very.little.fqdn.com. happens, it will be truncated as

very.little.fqdn.com. If you press '2' in the interactive display, the

earlier name will be counted in the line fqdn.com'.

Example of output:

Queries: 0 new, 6 total Tue Apr 17 07:17:25 2018

Query Name Count % cum%

--------------- --------- ------ ------

perso.pw 3 50.0 50.0

foo.bar 1 16.7 66.7

hello.mydns.com 1 16.7 83.3

mydns.com.lan 1 16.7 100.0

If you want to use it, read the man page first, it has a lot of

parameters and can filters using specific expressions.