Em 04/01/2013, às 14:05:000, Matthew Pounsett escreveu: > > A friend of mine at an ISP asked me recently whether I had any suggestions > for fingerprinting stub resolvers. They've got pcaps from the downstream > side of their caching servers and are looking at trying to pull more > interesting statistics than query counts out of them. I didn't have any good > suggestions, but it seems like an interesting question to ask of one's name > server. Has anyone else tackled this before? Do tools exist?
One could try looking for queries similar to the ones fpdns does: https://github.com/kirei/fpdns fpdns uses very unusual, borderline queries, to try to identify the servers, so it might not find much samples in the usual traffic. Rubens _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
