How well does the compactor handle large DNS messages, e.g. AXFR

dns-stats / compactor

Tools to capture DNS traffic and record it in C-DNS files.

Other

32 stars 12 forks source link

How well does the compactor handle large DNS messages, e.g. AXFR #11

Open banburybill opened 7 years ago

banburybill commented 7 years ago

And how should it handle them?

At present I think a 300Mb AXFR will generate a few 300Mb buffers internally. This could be interesting.

banburybill commented 6 years ago

Currently you can select to ignore AXFR and IXFR. As things stand, this will record the AXFR query, but not the response RR, because we only check and ignore RR type on second and subsequent queries.

It would be better to move the Q/RRTYPE ignore into the packet decode. That way we can skip over large data we don't want. It would mean having to retain the original *COUNT values, as decoded packets would have fewer entries than the original.