dns-probe-dpdk [-i interface | -p pcap [-r] | -d socket | -k knot_count [-s knot_path]] [-l logfile] [-n instance] [-c config_file] [-h]


dns-probe-dpdk is a network traffic probe that captures DNS queries and corresponding responses and exports them as configurable records about individual DNS transactions.

dns-probe-dpdk can either listen on an interface or read packets from a PCAP file or read dnstap data from a unix socket or read Knot interface data from a unix socket. The -i, -p, -d and -k options are mutually incompatible but either of them (except -k) can be used repeatedly.

Depending on the configuration, dns-probe-dpdk exports the transaction records in either Parquet or C-DNS format.


-i interface

Listen on the network interface with the given name, such as eth0, or with the given PCI ID, such as 00:1f.6 or 0000:00:1f.6.

-p pcap

Read input from the given PCAP file.


Indicates raw PCAP format.

-d socket

Read dnstap input from given unix socket.

-k knot_count

Number of Knot interface sockets to create

-s knot_path

Path to directory in which to create Knot interface sockets. Default /tmp.

-l logfile

Write logging messages to logfile instead of standard output.

-n instance

Unique identifier (for configuration purposes) for given instance of DNS Probe.

-c config_file

YAML file to load configuration from.


Print help message and exit.

Exit Status

Normal exit
Exit based on receiving restart operation from remote management API