From owner-freebsd-chat@FreeBSD.ORG  Wed Nov  5 17:59:05 2003
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0E45916A4CE
	for <chat@freebsd.org>; Wed,  5 Nov 2003 17:59:05 -0800 (PST)
Received: from mail1.zer0.org (klapaucius.zer0.org [204.152.186.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C051043FDD
	for <chat@freebsd.org>; Wed,  5 Nov 2003 17:59:03 -0800 (PST)
	(envelope-from gsutter@zer0.org)
Received: by mail1.zer0.org (Postfix, from userid 1001)
	id 93963239A0E; Wed,  5 Nov 2003 17:59:03 -0800 (PST)
Date: Wed, 5 Nov 2003 17:59:03 -0800
From: Gregory Sutter <gsutter@zer0.org>
To: "Jason C. Wells" <jcw@highperformance.net>
Message-ID: <20031106015903.GJ98272@klapaucius.zer0.org>
References: <Pine.BSF.4.44.0311031830500.3218-100000@s1.stradamotorsports.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="KjX7LgAomYr70Ka9"
Content-Disposition: inline
In-Reply-To: <Pine.BSF.4.44.0311031830500.3218-100000@s1.stradamotorsports.com>
Organization: Zer0
X-Purpose: For great justice!
Mail-Copies-To: poster
X-PGP-Fingerprint: D161 E4EA 4BFA 2427 F3F9  5B1F 2015 31D5 845D FEDD
X-PGP-Key: http://zer0.org/~gsutter/gsutter.pgp
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
User-Agent: Mutt/1.5.4i
cc: chat@freebsd.org
Subject: Re: Too Much DNS Traffic / Analysis
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Nov 2003 01:59:05 -0000


--KjX7LgAomYr70Ka9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2003-11-03 18:54 -0800, "Jason C. Wells" <jcw@highperformance.net> wrote:
>=20
> In 'ipfw show' I can see that 528 packets came in on smtp.  20 packets
> came in on http.  Something like 40,000 packets came in on DNS in one day.
> This seems to be way too much DNS traffic for the little bit of use my
> network sees.

Packets is not that useful a measure of figuring out where DNS traffic
originates.  Have you enabled query logging to see what is causing all
the traffic?

I cleaned up a shell script I wrote to make a simple query analysis
and put it up on <http://zer0.org/bsd/>.  Perhaps this would be of
assistance in finding the source of your DNS traffic.

Greg
--=20
Gregory S. Sutter                     My reality check just bounced.
mailto:gsutter@zer0.org=20
http://zer0.org/~gsutter/=20

--KjX7LgAomYr70Ka9
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iD8DBQE/qarnIBUx1YRd/t0RAvYaAJ9wKZpN1qc/hLfr+gS3lGGJSRdDngCcCYjJ
TnR0Ig8L/m6fkrAST4ocZAw=
=KBL7
-----END PGP SIGNATURE-----

--KjX7LgAomYr70Ka9--