12 Commits

Author SHA1 Message Date
sthen
fb6d0c6874 update to dnstop 20140915, which adds a "new-gtlds" filter, which shows
only queries for domains ending with recently added generic TLDs which can
be useful for tracking down hosts using internal names (maybe by relying
on automatic qualification of names i.e. xy.prod -> xy.prod.example.com)
that will conflict with new GTLDs.

As the release notes put it, 'If you use short (not fully qualified) names
internally you may be uknownlying[sic] relying on root (or other) name
servers to return NXDOMAIN for them. If so, "you're gonna have a bad time."'
2014-09-16 10:32:39 +00:00
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
giovanni
f2f317a572 Update to version 20121017
ok sthen@ (Maintainer)
2012-11-29 14:08:51 +00:00
gonzalo
91f7ae8a4d Update for dnstop to 20120611:
* Added "qtype-any" filter for displaying ANY queries which are
  now fashionable in DNS based attacks.

* Anand Buddhev pointed out that LDFLAGS= is missing from Makefile.in.
  Also updated known_tlds.h.

While here dest and GROFF are not needed.

Ok sthen@ (maintainer)
2012-10-05 19:04:45 +00:00
sthen
32b51de3f5 update to dnstop-20110502, from "Gonzalo L. R." 2012-03-11 14:07:00 +00:00
sthen
9fe1f16958 update to 20110127; from Gleydson Soares, small tweak + regen patches from me 2011-03-03 01:03:37 +00:00
sthen
7270b75cb9 update to 20110113b, new release pointed out by Brian Keefer who has
also worked with upstream to get some of the problems addressed by
patches fixed in the distribution instead, thanks!
2011-01-14 08:23:21 +00:00
espie
0397d65db0 new depends 2010-11-19 22:31:32 +00:00
espie
47ff75aa46 USE_GROFF=Yes 2010-10-18 18:36:45 +00:00
sthen
afef0a0409 Remove a pcap_setnonblock() call which was added as a workaround for a
problem in OSX, it breaks reading from capture files. From Brian Keefer.
2010-10-14 07:29:44 +00:00
sthen
a829765073 update dnstop to 20090128 (which wants ns_r_refused from BIND 9's
resolver; patched here to use REFUSED).

from Stephan Rickauer, thanks!
2009-08-26 08:36:03 +00:00
sthen
52f143539c import dnstop:
dnstop is a libpcap application (a la tcpdump) that displays
various tables of DNS traffic on your network. Currently dnstop
displays tables of:

    * Source IP addresses
    * Destination IP addresses
    * Query types
    * Response codes
    * Opcodes
    * Top level domains
    * Second level domains
    * Third level domains
    * etc...

dnstop supports both IPv4 and IPv6 addresses.

To help find especially undesirable DNS queries, dnstop provides a
number of filters. The filters tell dnstop to display only the following
types of queries:

    * For unknown/invalid TLDs
    * A queries where the query name is already an IP address
    * PTR queries for RFC1918 address space

ok landry@
2008-07-20 09:40:13 +00:00