On Fri, 26 Jan 2007 14:40:48 +0100, Stephane Bortzmeyer <[EMAIL PROTECTED]> said:
> On Fri, Jan 26, 2007 at 02:12:53PM +0100, > Alexander Gall <[EMAIL PROTECTED]> wrote > a message of 1149 lines which said: >> We happen to have full NetFlow data for this period of time, but >> haven't analyzed it yet. It would be interesting to see, for >> example, how the distribution of queries per IP adddress > IMHO, this is the first thing to do. The rate, if I read correctly > your graph, is very low (40 kb/s) and one single broken machine could > generate it. I should have mentioned that we see the same pattern from all other peers and our transit providers. Also, I wouldn't expect to see the typical daily variations in this case. The total traffic to this server is a few hundred kilobits per second which translates into a couple hundred queries per second (most queries are below 100 bytes). I should really look at the flows, but that isn't trivial because they are stored on tape together with about 3 years worth of flows of our network. I'll have to talk to the researchers at ETH Zurich who analyze this data for various projects. -- Alex _______________________________________________ DNSOP mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dnsop
