Dnstop – monitoring of requests to the DNS server

Dnstop lists the hosts that send the most requests to the DNS server, which helps you detect viruses on the network and understand who is attacking.

On Ubuntu/Debian, the utility is installed with the command:

sudo apt-get install dnstop

Start-up example:

dnstop -n google.com eth0

Here is the list of possible startup options:

-4 (count IPv4 packets)
-6 (count IPv6 packets)
-Q (count requests)
-R (count answers)
-a (anonymize IP addresses)
-i ADDRESS (ignore the specified IP address)
-n NAME (count only requests for the specified name)
-l NUMBER (monitoring up to the specified number of requests)
-f (filter name)
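
The same per-client tally can be reproduced offline from a saved text capture, which is handy when reviewing traffic after the fact. This is an added example, not part of dnstop or of the original article; it assumes one-line `tcpdump -nn` text output, and the function names, the sample lines and the subdomain matching are constructed for illustration.

```shell
#!/bin/sh
# Rank DNS clients by number of queries seen in `tcpdump -nn` text output.
# usage: dns_top_sources [IGNORE_IP] [NAME] < capture.txt
dns_top_sources() {
    awk -v ignore="${1:-}" -v name="${2:-}" '
        # A query line looks like:
        # 12:00:01.000001 IP 192.0.2.10.53124 > 192.0.2.53.53: 4242+ A? google.com. (28)
        ($2 == "IP" || $2 == "IP6") && $4 == ">" && $5 ~ /\.53:$/ {
            qname = ""
            for (i = 6; i < NF; i++)
                if ($i ~ /\?$/) { qname = tolower($(i + 1)); break }
            if (qname == "") next              # no "TYPE?" token: not a query
            sub(/\.$/, "", qname)              # drop the trailing root dot
            src = $3
            sub(/\.[0-9]+$/, "", src)          # strip the source port
            if (ignore != "" && src == ignore) next
            if (name != "") {
                n = tolower(name)
                # Assumption: NAME matches itself and its subdomains.
                tail = substr(qname, length(qname) - length(n))
                if (qname != n && tail != ("." n)) next
            }
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture (documentation address ranges), not real traffic.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.53124 > 192.0.2.53.53: 4242+ A? google.com. (28)
12:00:01.000900 IP 192.0.2.53.53 > 192.0.2.10.53124: 4242 1/0/0 A 203.0.113.7 (44)
12:00:02.000001 IP 192.0.2.10.53125 > 192.0.2.53.53: 4243+ AAAA? mail.google.com. (33)
12:00:03.000001 IP 192.0.2.20.40000 > 192.0.2.53.53: 100+ A? google.com. (28)
12:00:04.000001 IP 192.0.2.10.53126 > 192.0.2.53.53: 4244+ A? example.org. (29)
12:00:05.000001 IP 192.0.2.30.41000 > 192.0.2.53.53: 7+ A? notgoogle.com. (31)
EOF
}

sample_capture | dns_top_sources                        # every client, busiest first
sample_capture | dns_top_sources 192.0.2.10 google.com  # skip one client, one name only
```

The two optional arguments play the role of the -i and -n options listed above: the first drops a known client (for example a monitoring host) from the ranking, the second restricts the count to one name.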

See also my article:
Configuring Fail2Ban for Bind9
