DNS Firewall/statistics grapher

Ok, so how about something that collects and presents DNS statistics in a nice graphical manner? BIND 9.5 comes with a built-in web server that gives you some stats, but it still falls way short of the pretty graphs that you can get with rrdtool-based applications such as Cacti.
 
How about being able to list the top 10 queriers and graph their usage patterns over time? What about showing what they are querying, and listing the top 10 queries? What about listing the records in your authoritative zones that are never queried, so you know you can delete them?
 
Also how about triggering an alert if the query rate goes over a certain limit? Or a certain limit from a single host? And showing what they are querying? This would help you detect hacking attempts. Maybe when this happens, get the "thing" to inject a rule into iptables that blackholes that client for a set time?
 
We’ve had all sorts of ideas but we don’t expect people to buy an appliance to do all this and stick it in front of your DNS servers. I’m thinking we just need a module that drops onto a Linux box running DNS and sniffs the port 53 traffic, so it doesn’t actually get in the way of the DNS server.
 
Just need to think of a name for it now.
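To make the idea concrete, here is an added sketch of the passive collector described above. It is example code written for this post, not code from the author or from any existing tool, and it assumes a sniffer hands it (timestamp, source IP, raw UDP payload) tuples from port 53; it then parses the question section, keeps the top-querier and top-query counters, reports zone records that were never asked for, and raises an alert when the global or per-host query rate exceeds a limit inside a sliding window. The packets in `run_sample()` are constructed, and all names, thresholds and addresses are made up for the example.

```python
"""Passive DNS query statistics with rate alerting (added example, hypothetical module)."""
from collections import Counter, defaultdict, deque
import struct


def encode_qname(name):
    """Encode a dotted name in DNS wire format; used only to build sample traffic."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """Build a minimal standard query (ID, flags=RD, QDCOUNT=1) for constructed test traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_question(msg):
    """Return (qname, qtype) of the first question, or None for responses and malformed packets."""
    if len(msg) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means a response; only queries are counted
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            return None
        length = msg[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:  # compression pointer in a question name: treat as malformed here
            return None
        pos += 1
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels).lower() + ".", qtype


class DnsStats:
    """Counters plus sliding-window rate alerts (window and limits are assumed values)."""

    def __init__(self, window_seconds=60, global_limit=1000, per_host_limit=200):
        self.window, self.global_limit, self.per_host_limit = window_seconds, global_limit, per_host_limit
        self.queriers, self.names = Counter(), Counter()
        self.by_client = defaultdict(Counter)      # src_ip -> Counter of qnames
        self._global_times = deque()               # timestamps inside the window
        self._host_times = defaultdict(deque)      # src_ip -> timestamps inside the window
        self.alerts = []                           # (ts, kind, src_ip, count)

    def _trim(self, times, now):
        while times and now - times[0] > self.window:
            times.popleft()

    def observe(self, ts, src_ip, msg):
        """Account one captured packet; returns False if it was not a parseable query."""
        parsed = parse_question(msg)
        if parsed is None:
            return False
        qname, _ = parsed
        self.queriers[src_ip] += 1
        self.names[qname] += 1
        self.by_client[src_ip][qname] += 1
        self._global_times.append(ts)
        self._trim(self._global_times, ts)
        host_times = self._host_times[src_ip]
        host_times.append(ts)
        self._trim(host_times, ts)
        # Alert once at the moment the window count first crosses the limit
        if len(self._global_times) == self.global_limit + 1:
            self.alerts.append((ts, "global", None, len(self._global_times)))
        if len(host_times) == self.per_host_limit + 1:
            self.alerts.append((ts, "host", src_ip, len(host_times)))
        return True

    def top_queriers(self, n=10):
        return self.queriers.most_common(n)

    def top_queries(self, n=10):
        return self.names.most_common(n)

    def client_profile(self, src_ip, n=10):
        """What one client has been asking for, for use when an alert fires."""
        return self.by_client[src_ip].most_common(n)

    def never_queried(self, zone_records):
        """Names in your authoritative zone that no one has asked for during the capture."""
        return sorted(set(zone_records) - set(self.names))


def run_sample():
    """Feed constructed traffic through the collector and return it for inspection."""
    stats = DnsStats(window_seconds=10, global_limit=50, per_host_limit=5)
    t = 1000.0
    for i, name in enumerate(["www.example.com.", "mail.example.com.", "www.example.com."]):
        stats.observe(t + i * 3.0, "10.0.0.5", build_query(0x1000 + i, name))   # ordinary client
    for i in range(8):                                                          # burst of 8 in 2 seconds
        stats.observe(t + 0.25 * i, "10.0.0.7", build_query(0x2000 + i, "www.example.com."))
    resp = build_query(0x3000, "www.example.com.")
    resp = resp[:2] + struct.pack("!H", 0x8180) + resp[4:]                     # a response: ignored
    stats.observe(t, "10.0.0.9", resp)
    stats.observe(t, "10.0.0.9", b"\x00\x01")                                  # truncated: ignored
    return stats
```

The collector deliberately stops at alerting rather than injecting a firewall rule: the source address of a UDP query is whatever the sender put there, so an automatic blackhole keyed on it can end up blocking a legitimate resolver that never sent the burst. Keeping the per-client profile alongside the alert gives the operator what they need to decide.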
This entry was posted in Computers and Internet.

One Response to DNS Firewall/statistics grapher

  1. Pingback: DNS Statistics grapher | Notes from a Nerd
