gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/

Can this deal with big scale DNS flow? #111

Open gao-hui opened 5 years ago

gao-hui commented 5 years ago

Can this program deal with big scale DNS flow, like 1TB per day of Bro DNS logs?

gamelinux commented 3 years ago

I assume, depending on your hardware. For my big pipe, I used to use pf_ring and zbalance to start more passivedns processes to share the load. Worked great. But I did not want to depend on pf_ring, so I wrote a passivedns version in golang. This does not seem to have any performance issues at all on the traffic I have tested it on.

kalin-kozhuharov-exa commented 2 years ago

@gamelinux : "a passivedns version in golang" ...? Is that available somewhere?

gamelinux commented 2 years ago

No. I wrote it while learning Go, and to see if it was possible. I started re-writing it for a release here on GitHub, but $time.....