> We've got a busy DNS that sometimes receives 1-million > queries per hour so I am going at this _carefully_. The object > here is to save a minute or so's worth of queries and then check > to see if certain systems have made queries.
1 million queries per hour is less than 300 queries per second, which is a fairly low query rate. Normal bind logging should handle this just fine, or you could use an explicit sniffer application (tcpdump, dnscap etc) to perform your logging. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
