Overview¶
DNS Probe is a high-speed DNS monitoring software developed as a part of the ADAM project by CZ.NIC Laboratories in cooperation with Brno University of Technology, Faculty of Information Technology.
DNS Probe is able to extract DNS packets from live network traffic, pcap traces, dnstap data supplied by unix sockets or Knot interface, match client queries with the corresponding server responses and export consolidated records about individual DNS transactions.
DNS Probe is typically deployed together with a DNS server (autoritative or recursive), capturing and processing the traffic received and sent by the server.
Main features¶
- scalable performance with a configurable number of packet processing threads and uniform packet distribution using RSS
- packet capture via either raw socket (AF_PACKET) or, alternatively, DPDK
- DNS queries and responses are extracted from both UDP and TCP
- configurable export of data about DNS transactions in C-DNS [RFC8618] or Apache Parquet formats
- optional configurable export of run-time statistics in JSON format [RFC8259]
- configuration via YAML file
License¶
DNS Probe is licensed under the GNU General Public License version 3 or (at your option) any later version. The full text of the license is available in the COPYING file distributed with source code.
