> On 17 Sep 2024, at 22:39, Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users 
> <bind-users@lists.isc.org> wrote:
> 
> <!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 
> 2px solid; } --> Hello,
>   BIND 9.18.7
> RHEL 8.10 (Oopta)
>   I am being asked if it is possible to differentiate the percentage of 
> queries coming into a server that are unencrypted, DoT and DoH. 
> Example: For a given 24 hours, 50% were 53, 25% were 853 and 25% were 443.
> I cannot find a difference in the query logs to show how the query came into 
> the server. My only thought at the moment is to run ‘tcpdump’ on all of the 
> servers and script something.
> Is there some way that I just have not found within BIND?

You can use the awesome Dnstap for that. Much better than using pcap because it 
provides context.

For the CLIENT_QUERY and CLIENT_RESPONSE messages. the response_port field will 
give you that data per query.

Note that your mileage might vary if you use other DNS servers. As far as I 
know Bind has the most comprehensive Dnstap implementation by far.


Cheers,





Borja.

Attachment: signature.asc
Description: Message signed with OpenPGP

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to