On 07/18/2017 09:09 AM, Abi Askushi wrote:
I am trying to figure out how could I account the DNS traffic generated from clients in terms of bytes. My setup is a simple caching DNS with several clients querying the DNS server. I can measure the DNS traffic that is generated from the DNS server on the WAN side by using some monitoring tool (pmacct) but I am not sure how could I account this traffic to the clients that are generating this traffic. By simply monitoring the internal DNS traffic from clients I expect to not be accurate since it will include also cached responses which do not generate WAN traffic.
I'm going to assume that you are doing this for some academic purpose and not going to try to bill based on numbers of queries. (Others have commented more about the impracticality of this.)
Any suggestion how to approach this problem?
I would be tempted to see if named's query log would cover what you want. I've not used it before and have no idea if it's granular enough for what you want.
Baring that, I'd be inclined to try IPTables rules to record the bytes that each client has sent to / from the DNS server.
If you absolutely need to correlate client queries to outbound server queries, I think you're probably going to need to capture the traffic and then do some sort of post capture processing to correlate it. - I know that you can get tcpdump to do this. You might be able to get IPTables to copy the traffic and send it to user-space for capture ~> post processing.
Finally, this seems like a strange enough (in my opinion) that I'll ask what the motivation is for this request. I'm wondering if there is a different way to accomplish the goal without needing to capture this detail.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
