DNS Analyzer

Note: This project is currently in maintainance mode. No new updates are currently planned except to fix bugs.


The DNS Analyzer is a tool to analyze DNS traffic from tcpdump/libpcap trace files. The purpose of the DNS Analyzer is to analyze DNS trace files from the DNS root servers to find traffic that is unnecessary.

The DNS Analyzer can also be used to convert trace files into R data files. R can be used to perform fine-grained statistical analysis of the data. Some sample R functions are provided in the R/dns.R file that can be found in the source distribution.

The manual page describes how the DNS Analyzer is used.


In the future the DNS Analyzer should be able to detect suspicious or unnecessary traffic in real-time. This information can then be used to interface with a DNS server to handle this traffic specially.


The current DNS Analyzer is version 0.3.0. The software has been compiled and run on Linux, FreeBSD, and Solaris 8. An ISO C++ compiler (such as GCC 3.2 or higher) and the libpcap library is required to build the software.


Version 0.3.0
dns-analyzer-0.3.0.tar.gz (105 Kb).
Version 0.2.0
dns-analyzer-0.2.0.tar.gz (103 Kb).

Contact Information

Please mail if you would like to comment on this software.

Wed Sep 25 2013

© Stichting NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands

labs@nlnetlabs.nl, subsidised by NLnet and SIDN.