About

DNS-STATS Compactor

The DNS-STATS Compactor project is a set of tools for capturing and working with DNS server traffic recorded in Compacted-DNS (C-DNS) files. C-DNS is a space-efficient file format for storing DNS traffic. It is defined in RFC8618.

Production releases 1.0.0 and later implement RFC8618. The previous production Compactor release (0.12) is based on the earlier Internet Draft draft-ietf-dnsop-dns-capture-format-04.

The DNS-STATS Compactor suite currently comprises two programs:

• compactor. Similar in usage to tcpdump, compactor reads traffic from one or more network interfaces and writes selected details to C-DNS and PCAP output files. compactor can also read and convert pre-recorded PCAP files.
• inspector. Reconstructs network traffic from C-DNS files produced by compactor. It outputs one or more PCAP files suitable for direct inspection or input to existing analysis tools. See Section 9 of RFC8618 for limitations on the reconstruction.

compactor is resource efficient, and can therefore be co-located on a nameserver. Alternatively it can be run on a standalone server with access to the network traffic to be recorded.

compactor can be configured to produce multiple output files from a single data source. compactor can optionally compress output files using the popular gzip or xz compression schemes. The output file types that may be produced are:

• C-DNS. These contain captured DNS traffic, along with some ancilliary information, e.g. ICMP and TCP Reset counts. These files are significantly smaller than PCAP files containing the same traffic.
• 'Ignored' traffic. These contain captured non-DNS and malformed DNS packets in PCAP format.
• 'Raw' traffic. These contain all packets in the captured traffic in PCAP format. They are similar to files produced by tcpdump.

DNS-STATS Compactor uses Semantic versioning for releases.

DNS-STATS Compactor was originally developed for ICANN by Sinodun IT.