Back

dns - bind9 - dnstop - dns monitor

发布时间: 2024-02-15 07:52:00

refer to:
https://www.cyberciti.biz/faq/dnstop-monitor-bind-dns-server-dns-network-traffic-from-a-shell-prompt/

apt update

apt install dnstop

使用:

先确定你有多少 network ip link:

$ ip link show

ubuntu@ip-172-31-15-237:~/bind9$ ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 9001 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 0a:e1:8e:8c:5e:a7 brd ff:ff:ff:ff:ff:ff
3: docker0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:05:c1:03:14 brd ff:ff:ff:ff:ff:ff

dnstop -l 3 lo

就可以看到了：

按3： 就可以看到：

1: 一级域名

2: 二级域名

3. 三级子域名

可以按的按键为：

s - Sources list
d - Destinations list
t - Query types
o - Opcodes
r - Rcodes
1 - 1st level Query Names ! - with Sources
2 - 2nd level Query Names @ - with Sources
3 - 3rd level Query Names # - with Sources
4 - 4th level Query Names [nixuser]- with Sources
5 - 5th level Query Names % - with Sources
6 - 6th level Query Names ^ - with Sources
7 - 7th level Query Names & - with Sources
8 - 8th level Query Names * - with Sources
9 - 9th level Query Names ( - with Sources
^R - Reset counters
^X - Exit

? - this

可以看到跟top用法差不多

Back