Frank Bulk wrote:
I would not recommend sucking in your dns log into an array, rather, read line by line and iterate over the file, line by line.
Agreed. Python and Pytailer <http://code.google.com/p/pytailer/> are particularly good tools for this application, running as a daemon and implementing IP filters as needed. This is all, however, treating symptoms. The root cause would be far better fixed with a named patch implementing Chris Paul's recommendation to NANOG back in August:
Chris Paul wrote:
Sorry if this is real stupid for some reason because I don't think about DNS all day (I'm the ldap dude) but since we have faster networks and faster cpus today, what would be the harm in switching to use TCP for DNS clients? The latency on the web isn't dns anymore ever it seems to me.....
That's the best idea I've read so far. You wouldn't want to toggle protocols on the first mismatch, but maybe the 10th or 50th. Would also be worthwhile to factor in some rate limiting and an algorithm for timing the toggle-back. Stir in some simple statefulness via btree and voila.
Roger Marquis
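
The toggle logic discussed in this message, sketched as an added example; it is not part of the original thread and is not code from named or from any of the posters. It assumes a "mismatch" is a reply that does not match an outstanding query. The class name, the thresholds and the use of a dict in place of a btree are hypothetical choices.

```python
from collections import deque


class TransportToggle:
    """Per-server UDP/TCP choice driven by mismatched replies (hypothetical helper)."""

    def __init__(self, threshold=10, window=60.0, hold_down=300.0):
        self.threshold = threshold  # mismatches inside `window` that force TCP
        self.window = window        # seconds over which mismatches are counted
        self.hold_down = hold_down  # quiet seconds required before returning to UDP
        self.state = {}             # server -> {"hits": deque, "last": float, "tcp": bool}

    def _expire(self, entry, now):
        # Drop mismatches older than the counting window (the rate limit).
        while entry["hits"] and now - entry["hits"][0] > self.window:
            entry["hits"].popleft()

    def record_mismatch(self, server, now):
        entry = self.state.setdefault(
            server, {"hits": deque(), "last": now, "tcp": False})
        entry["hits"].append(now)
        entry["last"] = now
        self._expire(entry, now)
        if len(entry["hits"]) >= self.threshold:
            entry["tcp"] = True  # toggle on the Nth mismatch, not the first

    def transport(self, server, now):
        entry = self.state.get(server)
        if entry is None:
            return "udp"
        self._expire(entry, now)
        # Toggle back only after a full hold-down period with no mismatch.
        if entry["tcp"] and now - entry["last"] >= self.hold_down:
            entry["tcp"] = False
            entry["hits"].clear()
        if not entry["tcp"] and not entry["hits"]:
            del self.state[server]  # forget clean servers so state stays bounded
            return "udp"
        return "tcp" if entry["tcp"] else "udp"


if __name__ == "__main__":
    toggle = TransportToggle()
    server = "192.0.2.53"  # constructed address from the documentation range
    for second in range(10):  # constructed burst: ten mismatches in ten seconds
        toggle.record_mismatch(server, float(second))
    print(toggle.transport(server, 10.0))   # inside hold-down
    print(toggle.transport(server, 400.0))  # after hold-down
```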